CVE-2014-5035

Published: Aug 26, 2014Modified: May 6, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

The Netconf (TCP) service in OpenDaylight 1.0 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference in an XML-RPC message, related to an XML External Entity (XXE) issue.

Affected (1)

Products: Opendaylight: Opendaylight

Opendaylight

1 product

Opendaylight

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Opendaylight Opendaylight	Version 1.0

References (8)

http://packetstormsecurity.com/files/127843/Opendaylight-1.0-Local-File-Inclusion-Remote-File-Inclusion.html

Source: cve@mitre.org

http://seclists.org/fulldisclosure/2014/Aug/34

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/533114/100/0/threaded

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/95254

Source: cve@mitre.org

http://packetstormsecurity.com/files/127843/Opendaylight-1.0-Local-File-Inclusion-Remote-File-Inclusion.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/fulldisclosure/2014/Aug/34

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/533114/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/95254

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.