CVE-2018-1000825

DEB

Critical

FreeCol version <= nightly-2018-08-22 contains a XML External Entity (XXE) vulnerability in FreeColXMLReader parser that can result in Disc…

CVSS

10.0

Critical

EPSS

0.00

p48

Published

2018-01-01

Updated

2018-01-01

Description

FreeCol version <= nightly-2018-08-22 contains a XML External Entity (XXE) vulnerability in FreeColXMLReader parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Freecol file.

Tags · CWE

Pre-auth

CWE-611

CAPEC-221

Affected products

FreecolFreecolFreecolFreecolFreecolFreecolFreecolFreecolFreecolFreecolFreecolFreecolFreecolFreecolFreecolFreecolFreecolFreecolFreecolFreecol

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Timeline

2018-01-01

Published

2018-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: N

Network (N)

Attack Complexity

AC: L

Low (L)

Privileges Required

PR: N

None (N)

User Interaction

UI: N

None (N)

Scope

S: C

Changed (C)

Confidentiality Impact

C: H

High (H)

Integrity Impact

I: H

High (H)

Availability Impact

A: H

High (H)

Exploit indicators

EPSS

0.002 · p48

Known exploited (KEV)

Known exploits — Сканер-ВС

No Сканер-ВС checks registered for this vulnerability yet.

Affected software

Product	Vendor	Status
freecol		Tracked
freecol		Tracked
freecol		Tracked
freecol		Tracked
freecol		Tracked
freecol		Tracked
freecol		Tracked
freecol		Tracked
freecol		Tracked
freecol		Tracked
freecol		Tracked
freecol		Tracked
freecol		Tracked
freecol		Tracked
freecol		Tracked
freecol		Tracked
freecol		Tracked
freecol		Tracked
freecol		Tracked
freecol		Tracked

Source databases

DEB

CVE

RED

UBU