CVE-2014-3005

XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request.

Published: 2018-02-01 17:29
Updated: 2018-02-21 14:57

CVSS Score: 7.5 / 10
Vendor Product Version URI
Zabbix Zabbix 1.8 cpe:/a:zabbix:zabbix:1.8
Zabbix Zabbix 1.8.1 cpe:/a:zabbix:zabbix:1.8.1
Zabbix Zabbix 1.8.2 cpe:/a:zabbix:zabbix:1.8.2
Zabbix Zabbix 1.8.3 cpe:/a:zabbix:zabbix:1.8.3
Zabbix Zabbix 1.8.4 cpe:/a:zabbix:zabbix:1.8.4
Zabbix Zabbix 1.8.5 cpe:/a:zabbix:zabbix:1.8.5
Zabbix Zabbix 1.8.6 cpe:/a:zabbix:zabbix:1.8.6
Zabbix Zabbix 1.8.7 cpe:/a:zabbix:zabbix:1.8.7
Zabbix Zabbix 1.8.8 cpe:/a:zabbix:zabbix:1.8.8
Zabbix Zabbix 1.8.9 cpe:/a:zabbix:zabbix:1.8.9
Zabbix Zabbix 1.8.10 cpe:/a:zabbix:zabbix:1.8.10
Zabbix Zabbix 1.8.11 cpe:/a:zabbix:zabbix:1.8.11
Zabbix Zabbix 1.8.12 cpe:/a:zabbix:zabbix:1.8.12
Zabbix Zabbix 1.8.13 cpe:/a:zabbix:zabbix:1.8.13
Zabbix Zabbix 1.8.14 cpe:/a:zabbix:zabbix:1.8.14
Zabbix Zabbix 1.8.15 cpe:/a:zabbix:zabbix:1.8.15
Zabbix Zabbix 1.8.16 cpe:/a:zabbix:zabbix:1.8.16
Zabbix Zabbix 1.8.17 cpe:/a:zabbix:zabbix:1.8.17
Zabbix Zabbix 1.8.18 cpe:/a:zabbix:zabbix:1.8.18
Zabbix Zabbix 1.8.19 cpe:/a:zabbix:zabbix:1.8.19
Zabbix Zabbix 1.8.20 cpe:/a:zabbix:zabbix:1.8.20
Zabbix Zabbix 2.0.0 cpe:/a:zabbix:zabbix:2.0.0
Zabbix Zabbix 2.0.1 cpe:/a:zabbix:zabbix:2.0.1
Zabbix Zabbix 2.0.2 cpe:/a:zabbix:zabbix:2.0.2
Zabbix Zabbix 2.0.3 cpe:/a:zabbix:zabbix:2.0.3
Zabbix Zabbix 2.0.4 cpe:/a:zabbix:zabbix:2.0.4
Zabbix Zabbix 2.0.5 cpe:/a:zabbix:zabbix:2.0.5
Zabbix Zabbix 2.0.6 cpe:/a:zabbix:zabbix:2.0.6
Zabbix Zabbix 2.0.7 cpe:/a:zabbix:zabbix:2.0.7
Zabbix Zabbix 2.0.8 cpe:/a:zabbix:zabbix:2.0.8
Zabbix Zabbix 2.0.9 cpe:/a:zabbix:zabbix:2.0.9
Zabbix Zabbix 2.0.10 cpe:/a:zabbix:zabbix:2.0.10
Zabbix Zabbix 2.0.11 cpe:/a:zabbix:zabbix:2.0.11
Zabbix Zabbix 2.0.12 cpe:/a:zabbix:zabbix:2.0.12
Zabbix Zabbix 2.2.0 cpe:/a:zabbix:zabbix:2.2.0
Zabbix Zabbix 2.2.1 cpe:/a:zabbix:zabbix:2.2.1
Zabbix Zabbix 2.2.2 cpe:/a:zabbix:zabbix:2.2.2
Zabbix Zabbix 2.2.3 cpe:/a:zabbix:zabbix:2.2.3
Zabbix Zabbix 2.2.4 cpe:/a:zabbix:zabbix:2.2.4
Zabbix Zabbix 2.3.0 cpe:/a:zabbix:zabbix:2.3.0
Zabbix Zabbix 2.3.1 cpe:/a:zabbix:zabbix:2.3.1
Fedoraproject Fedora 19 cpe:/o:fedoraproject:fedora:19
Fedoraproject Fedora 20 cpe:/o:fedoraproject:fedora:20

CWE

ID: CWE-611
Name: Improper Restriction of XML External Entity Reference ('XXE')
Description: The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

History of changes

Date Event
2018-02-21 14:57
2018-02-01 17:29 New CVE