MGASA-2015-0242

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2015-0242.html

Import Source

https://advisories.mageia.org/MGASA-2015-0242.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2015-0242

Related

CVE-2015-1833

Published

2015-06-08T21:17:51Z

Modified

2015-06-08T21:06:49Z

Summary

Updated jackrabbit packages fix CVE-2015-1833

Details

Updated jackrabbit packages fix security vulnerability:

In Apache Jackrabbit before 2.4.6, When processing a WebDAV request body containing XML, the XML parser can be instructed to read content from network resources accessible to the host, identified by URI schemes such as "http(s)" or "file". Depending on the WebDAV request, this can not only be used to trigger internal network requests, but might also be used to insert said content into the request, potentially exposing it to the attacker and others (for instance, by inserting said content in a WebDAV property value using a PROPPATCH request). See also IETF RFC 4918, Section 20.6 (CVE-2015-1833).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:4 / jackrabbit

Package

Name: jackrabbit
Purl: pkg:rpm/mageia/jackrabbit?distro=mageia-4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.2-6.1.mga4

Ecosystem specific

{
    "section": "core"
}