CVE

Id
74477  
CVE No.
CVE-2014-7177  
Status
Candidate  
Description
XML External Entity vulnerability in Enalean Tuleap 7.2 and earlier allows remote authenticated users to read arbitrary files via a crafted xml document in a create action to plugins/tracker/.  
Phase
Assigned (20140925)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
694573 74477 CVE-2014-7177 FULLDISC:20141028 CVE-2014-7177 - External XML Entity Injection in Enalean Tuleap  View
694574 74477 CVE-2014-7177 URL:http://seclists.org/fulldisclosure/2014/Oct/120  View
694575 74477 CVE-2014-7177 MISC:https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-7177/  View
694576 74477 CVE-2014-7177 CONFIRM:https://tuleap.net/plugins/git/tuleap/tuleap/stable?p=tuleap%2Fstable.git&a=blob&h=aed26cbae81410a981c4615bd7da1518f31c50d0&hb=29cbe3557a07c74f3d910648b8c5307e8faef65a&f=ChangeLog  View
694577 74477 CVE-2014-7177 CONFIRM:https://tuleap.net/plugins/tracker/?aid=7458  View
694578 74477 CVE-2014-7177 CONFIRM:https://www.tuleap.org/recent-vulnerabilities  View
694579 74477 CVE-2014-7177 BID:70771  View
694580 74477 CVE-2014-7177 URL:http://www.securityfocus.com/bid/70771  View
694581 74477 CVE-2014-7177 OSVDB:113680  View
694582 74477 CVE-2014-7177 URL:http://www.osvdb.org/113680  View
694583 74477 CVE-2014-7177 XF:tuleap-cve20147177-info-disc(98308)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
15750 JVNDB-2014-004625 Python の bufferobject.c における整数オーバーフローの脆弱性 Python の bufferobject.c には、整数オーバーフローの脆弱性が存在します。 CVE-2014-7185 74477 6.4 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-004625.html  View