Vulnerability Details : CVE-2015-7326
XML External Entity (XXE) vulnerability in Milton Webdav before 2.7.0.3.
Vulnerability category: XML external entity (XXE) injection
Products affected by CVE-2015-7326
- cpe:2.3:a:milton:webdav:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-7326
1.73%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 86 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-7326
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2015-7326
-
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-7326
-
https://github.com/miltonio/milton2/commit/b5851c1
log returning null ACL · miltonio/milton2@b5851c1 · GitHubPatch;Third Party Advisory
-
https://github.com/miltonio/milton2/commit/b41072b
Merge pull request #67 from tuzzmaniandevil/master · miltonio/milton2@b41072b · GitHubPatch;Third Party Advisory
-
http://www.securityfocus.com/archive/1/536813/100/0/threaded
SecurityFocus
-
https://github.com/miltonio/milton2/commit/5f81b0c48a817d4337d8b0e99ea0b4744ecd720b
patch XXE vulnerability · miltonio/milton2@5f81b0c · GitHubPatch;Third Party Advisory
-
http://packetstormsecurity.com/files/134178/Milton-Webdav-2.7.0.1-XXE-Injection.html
Milton Webdav 2.7.0.1 XXE Injection ≈ Packet StormExploit;Third Party Advisory;VDB Entry
-
http://www.securityfocus.com/bid/77392
Milton Webdav CVE-2015-7326 XML External Entity Multiple Information Disclosure VulnerabilitiesThird Party Advisory;VDB Entry
Jump to