TROYANOSYVIRUS
Voltar para CVEs

CVE-2018-1000825

N/A

Descricao

FreeCol version <= nightly-2018-08-22 contains a XML External Entity (XXE) vulnerability in FreeColXMLReader parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Freecol file.

Detalhes CVE

Pontuacao CVSS v3.1N/A
Publicado12/20/2018
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0

Produtos afetados

freecol:freecol

Fraquezas (CWE)

CWE-611

Referencias

https://0dd.zone/2018/10/28/freecol-XXE/(cve@mitre.org)
https://github.com/FreeCol/freecol/issues/26(cve@mitre.org)
https://0dd.zone/2018/10/28/freecol-XXE/(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/FreeCol/freecol/issues/26(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.