CVE-2015-1833

Publication date 29 May 2015

Last updated 24 July 2024


Ubuntu priority

XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request.

Read the notes from the security team

Status

Package Ubuntu Release Status
jackrabbit 15.04 vivid
Fixed 2.3.6-1+deb8u1build0.15.04.1
14.10 utopic
Fixed 2.3.6-1+deb8u1build0.14.10.1
14.04 LTS trusty
Fixed 2.3.6-1+deb8u1build0.14.04.1
12.04 LTS precise Not in release

Notes


sbeattie

package only contains webdav module; however, vuln affects webdav module