What is CVE-2015-1833?

CVE-2015-1833 is a vulnerability in Apache Jackrabbit, classified under Improper Input Validation. Published 2015-05-29.

Is CVE-2015-1833 known to be exploited?

13 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Improper input validation in Apache Jackrabbit

CVE-2015-1833

XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send r…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.515 (98.8th percentile) — read the EPSS interpretation.

Affected products

Apache Jackrabbit — versions 2.2.0, 2.2.1, 2.2.2
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

Public proof-of-concept exploits

References

DSA-3298 (vendor-advisory, x_refsource_DEBIAN)
74761 (vdb-entry, x_refsource_BID)
37110 (Exploit, exploit, x_refsource_EXPLOIT-DB)
[jackrabbit-announce] 20150521 CVE-2015-1833 (Jackrabbit WebDAV XXE vulnerability) (Vendor Advisory, mailing-list, x_refsource_MLIST)
20150521 CVE-2015-1833 (Jackrabbit WebDAV XXE vulnerability) (mailing-list, x_refsource_BUGTRAQ)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
secalert@redhat.com (x_refsource_MISC)

Frequently asked questions

What is CVE-2015-1833?: CVE-2015-1833 is a vulnerability in Apache Jackrabbit, classified under Improper Input Validation. Published 2015-05-29.
Is CVE-2015-1833 known to be exploited?: 13 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.