← Back

CVE-2018-1000828

nvd nist
Published: Dec 20, 2018Modified: Nov 21, 2024

JSON object

Loading...
9.0
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Exploitability: 2.2 / Impact: 6.0
Source: NVD

Description

FrostWire version <= frostwire-desktop-6.7.4-build-272 contains a XML External Entity (XXE) vulnerability in Man in the middle on update that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Man in the middle the call to update the software.

Affected (92)

Products: Frostwire: Frostwire
Frostwire
1 product
Frostwire
Configuration A
92 vulnerable
Vulnerable SoftwareAffected Versions
Frostwire
Frostwire
Version 1.9.9 build246
Frostwire
Version 1.9.9 build247
Frostwire
Version 2.0.7 build263
Frostwire
Version 6.1.6 build166
Frostwire
Version 6.1.6 build167
Frostwire
Version 6.1.7 build168
Frostwire
Version 6.1.8 build169
Frostwire
Version 6.1.9 build172
Frostwire
Version 6.2.0 build173
Frostwire
Version 6.2.0 build174
Frostwire
Version 6.2.1 build175
Frostwire
Version 6.2.2 build176
Frostwire
Version 6.2.3 build177
Frostwire
Version 6.2.3 build178
Frostwire
Version 6.2.4 build179
Frostwire
Version 6.3.0 build180
Frostwire
Version 6.3.0 build181
Frostwire
Version 6.3.0 build182
Frostwire
Version 6.3.0 build183
Frostwire
Version 6.3.0 build184
Frostwire
Version 6.3.0 build185
Frostwire
Version 6.3.1 build186
Frostwire
Version 6.3.2 build187
Frostwire
Version 6.3.2 build188
Frostwire
Version 6.3.3 build189
Frostwire
Version 6.3.3 build190
Frostwire
Version 6.3.3 build193
Frostwire
Version 6.3.3 build255
Frostwire
Version 6.3.4 build193
Frostwire
Version 6.3.4 build194
Frostwire
Version 6.3.5 build195
Frostwire
Version 6.3.5 build197
Frostwire
Version 6.3.5 build198
Frostwire
Version 6.3.6 build201
Frostwire
Version 6.3.6 build202
Frostwire
Version 6.3.7 build203
Frostwire
Version 6.3.7 build204
Frostwire
Version 6.3.7 build205
Frostwire
Version 6.3.7 build206
Frostwire
Version 6.4.0 build207
Frostwire
Version 6.4.0 build208
Frostwire
Version 6.4.1 build209
Frostwire
Version 6.4.1 build210
Frostwire
Version 6.4.2 build212
Frostwire
Version 6.4.3 build214
Frostwire
Version 6.4.4 build215
Frostwire
Version 6.4.5 build218
Frostwire
Version 6.4.5 build219
Frostwire
Version 6.4.5 build220
Frostwire
Version 6.4.5 build221
Frostwire
Version 6.4.5 build222
Frostwire
Version 6.4.6 build223
Frostwire
Version 6.4.6 build227
Frostwire
Version 6.4.7 build228
Frostwire
Version 6.4.7 build229
Frostwire
Version 6.4.8 build230
Frostwire
Version 6.4.8 build232
Frostwire
Version 6.4.8 build233
Frostwire
Version 6.4.8 build234
Frostwire
Version 6.4.9 build235
Frostwire
Version 6.5.0 build236
Frostwire
Version 6.5.1 build238
Frostwire
Version 6.5.2 build239
Frostwire
Version 6.5.3 build240
Frostwire
Version 6.5.4 build241
Frostwire
Version 6.5.5 build242
Frostwire
Version 6.5.5 build243
Frostwire
Version 6.5.8 build244
Frostwire
Version 6.5.8 build245
Frostwire
Version 6.5.9 build246
Frostwire
Version 6.6.0 build248
Frostwire
Version 6.6.1 build249
Frostwire
Version 6.6.2 build250
Frostwire
Version 6.6.2 build251
Frostwire
Version 6.6.3 build252
Frostwire
Version 6.6.3 build253
Frostwire
Version 6.6.4 build256
Frostwire
Version 6.6.5 build257
Frostwire
Version 6.6.6 build258
Frostwire
Version 6.6.7 build529
Frostwire
Version 6.6.8 build260
Frostwire
Version 6.7.0 build261
Frostwire
Version 6.7.0 build262
Frostwire
Version 6.7.0 build264
Frostwire
Version 6.7.0 build265hotfix
Frostwire
Version 6.7.1 build266
Frostwire
Version 6.7.1 build267
Frostwire
Version 6.7.1 build268
Frostwire
Version 6.7.2 build269
Frostwire
Version 6.7.2 build270
Frostwire
Version 6.7.3 build271
Frostwire
Version 6.7.4 build272

Related CWEs

CWE-611
Improper Restriction of XML External Entity Reference
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (4)

Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Issue TrackingThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingThird Party Advisory

Timeline

No history available yet.