{"id":"MGASA-2015-0242","summary":"Updated jackrabbit packages fix CVE-2015-1833","details":"Updated jackrabbit packages fix security vulnerability:\n\nIn Apache Jackrabbit before 2.4.6, when processing a WebDAV request body\ncontaining XML, the XML parser can be instructed to read content from network\nresources accessible to the host, identified by URI schemes such as \"http(s)\"\nor \"file\". Depending on the WebDAV request, this can not only be used to\ntrigger internal network requests, but might also be used to insert said\ncontent into the request, potentially exposing it to the attacker and others\n(for instance, by inserting said content in a WebDAV property value using a\nPROPPATCH request). See also IETF RFC 4918, Section 20.6 (CVE-2015-1833).\n","modified":"2026-04-16T06:23:55.752205226Z","published":"2015-06-08T21:17:51Z","upstream":["CVE-2015-1833"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2015-0242.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=16003"},{"type":"WEB","url":"http://openwall.com/lists/oss-security/2015/05/21/6"},{"type":"WEB","url":"http://openwall.com/lists/oss-security/2015/05/21/7"}],"affected":[{"package":{"name":"jackrabbit","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/jackrabbit?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.2-6.1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0242.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}