Uploaded image for project: 'Crowd'
  1. Crowd
  2. CWD-2797

XML Vulnerability in Crowd

    XMLWordPrintable

    Details

      Description

      We have identified and fixed a vulnerability in Crowd that results from the way XML parsers are used. This vulnerability allows an attacker to:

      • Execute denial of service attacks against the Crowd server, or
      • Read all local files readable to the system user under which Crowd runs.

      All versions of Crowd up to and including 2.4.0 are affected by this vulnerability.

      Full details of the severity, risks and vulnerability can be found in the Crowd Security Advisory 2012-05-17.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              vosipov VitalyA
              Reporter:
              jwalton joe
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: