[Forgot Password]
Login  Register Subscribe

22198

 
 

114896

 
 

91011

 
 

909

 
 

75766

 
 

95

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2017-9355

Date: (C)2017-06-08   (M)2017-06-19
 
CVSS Score: 4.3Access Vector: NETWORK
Exploitability Subscore: 8.6Access Complexity: MEDIUM
Impact Subscore: 2.9Authentication: NONE
 Confidentiality: NONE
 Integrity: PARTIAL
 Availability: NONE











XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist file.

Reference:
http://hyp3rlinx.altervista.org/advisories/SUBSONIC-XML-EXTERNAL-ENITITY.txt
http://packetstormsecurity.com/files/142795/Subsonic-6.1.1-XML-External-Entity-Attack.html

© 2016 SecPod Technologies