QwikSec

Security Database

CVE

CWE

Training

CVE-2014-5392

Published: Sep 23, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

XML External Entity (XXE) vulnerability in JobScheduler before 1.6.4246 and 7.x before 1.7.4241 allows remote attackers to cause a denial of service and read arbitrary files or directories via a request containing an XML external entity declaration in conjunction with an entity reference.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.sos-berlin.com/modules/news/article.php?storyid=73

x_refsource_CONFIRM

http://www.christian-schneider.net/advisories/CVE-2014-5392.txt

x_refsource_MISC

https://change.sos-berlin.com/browse/JS-1204

x_refsource_CONFIRM

http://packetstormsecurity.com/files/128181/JobScheduler-XML-eXternal-Entity-Injection.html

x_refsource_MISC

20140907 CVE-2014-5392 XML eXternal Entity (XXE) in "JobScheduler"

mailing-list

x_refsource_BUGTRAQ

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.