cvelist/2014/3xxx/CVE-2014-3005.json

{
   "CVE_data_meta" : {
      "ASSIGNER" : "cve@mitre.org",
      "ID" : "CVE-2014-3005",
      "STATE" : "PUBLIC"
   },
   "affects" : {
      "vendor" : {
         "vendor_data" : [
            {
               "product" : {
                  "product_data" : [
                     {
                        "product_name" : "n/a",
                        "version" : {
                           "version_data" : [
                              {
                                 "version_value" : "n/a"
                              }
                           ]
                        }
                     }
                  ]
               },
               "vendor_name" : "n/a"
            }
         ]
      }
   },
   "data_format" : "MITRE",
   "data_type" : "CVE",
   "data_version" : "4.0",
   "description" : {
      "description_data" : [
         {
            "lang" : "eng",
            "value" : "XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request."
         }
      ]
   },
   "problemtype" : {
      "problemtype_data" : [
         {
            "description" : [
               {
                  "lang" : "eng",
                  "value" : "n/a"
               }
            ]
         }
      ]
   },
   "references" : {
      "reference_data" : [
         {
            "name" : "20140617 [CVE-2014-3005]Zabbix 1.8.x-2.2.x Local File Inclusion via XXE Attack",
            "refsource" : "FULLDISC",
            "url" : "http://seclists.org/fulldisclosure/2014/Jun/87"
         },
         {
            "name" : "https://web.archive.org/web/20140622034155/http://www.pnigos.com:80/?p=273",
            "refsource" : "MISC",
            "url" : "https://web.archive.org/web/20140622034155/http://www.pnigos.com:80/?p=273"
         },
         {
            "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1110496",
            "refsource" : "CONFIRM",
            "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1110496"
         },
         {
            "name" : "https://support.zabbix.com/browse/ZBX-8151",
            "refsource" : "CONFIRM",
            "url" : "https://support.zabbix.com/browse/ZBX-8151"
         },
         {
            "name" : "FEDORA-2014-7594",
            "refsource" : "FEDORA",
            "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134885.html"
         },
         {
            "name" : "FEDORA-2014-7603",
            "refsource" : "FEDORA",
            "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134909.html"
         },
         {
            "name" : "68075",
            "refsource" : "BID",
            "url" : "http://www.securityfocus.com/bid/68075"
         }
      ]
   }
}
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`{`
			`"CVE_data_meta" : {`
			`"ASSIGNER" : "cve@mitre.org",`
			`"ID" : "CVE-2014-3005",`
- Synchronized data. 2018-02-01 12:03:23 -05:00			`"STATE" : "PUBLIC"`
			`},`
			`"affects" : {`
			`"vendor" : {`
			`"vendor_data" : [`
			`{`
			`"product" : {`
			`"product_data" : [`
			`{`
			`"product_name" : "n/a",`
			`"version" : {`
			`"version_data" : [`
			`{`
			`"version_value" : "n/a"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name" : "n/a"`
			`}`
			`]`
			`}`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`},`
			`"data_format" : "MITRE",`
			`"data_type" : "CVE",`
			`"data_version" : "4.0",`
			`"description" : {`
			`"description_data" : [`
			`{`
			`"lang" : "eng",`
- Synchronized data. 2018-02-01 12:03:23 -05:00			`"value" : "XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request."`
			`}`
			`]`
			`},`
			`"problemtype" : {`
			`"problemtype_data" : [`
			`{`
			`"description" : [`
			`{`
			`"lang" : "eng",`
			`"value" : "n/a"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references" : {`
			`"reference_data" : [`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "20140617 [CVE-2014-3005]Zabbix 1.8.x-2.2.x Local File Inclusion via XXE Attack",`
			`"refsource" : "FULLDISC",`
- Synchronized data. 2018-02-01 12:03:23 -05:00			`"url" : "http://seclists.org/fulldisclosure/2014/Jun/87"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "https://web.archive.org/web/20140622034155/http://www.pnigos.com:80/?p=273",`
			`"refsource" : "MISC",`
- Synchronized data. 2018-02-01 12:03:23 -05:00			`"url" : "https://web.archive.org/web/20140622034155/http://www.pnigos.com:80/?p=273"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1110496",`
			`"refsource" : "CONFIRM",`
- Synchronized data. 2018-02-01 12:03:23 -05:00			`"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1110496"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "https://support.zabbix.com/browse/ZBX-8151",`
			`"refsource" : "CONFIRM",`
- Synchronized data. 2018-02-01 12:03:23 -05:00			`"url" : "https://support.zabbix.com/browse/ZBX-8151"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "FEDORA-2014-7594",`
			`"refsource" : "FEDORA",`
- Synchronized data. 2018-02-01 12:03:23 -05:00			`"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134885.html"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "FEDORA-2014-7603",`
			`"refsource" : "FEDORA",`
- Synchronized data. 2018-02-01 12:03:23 -05:00			`"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134909.html"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "68075",`
			`"refsource" : "BID",`
- Synchronized data. 2018-02-01 12:03:23 -05:00			`"url" : "http://www.securityfocus.com/bid/68075"`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`}`
			`]`
			`}`
			`}`