CVE-2018-1000838: XEE
First published: Thu Dec 20 2018(Updated: )
autopsy version <= 4.9.0 contains a XML External Entity (XXE) vulnerability in CaseMetadata XML Parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Specially crafted CaseMetadata.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sleuthkit Autopsy | <=4.9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-1000838?
CVE-2018-1000838 is considered a critical vulnerability due to its potential for data disclosure and denial of service.
How do I fix CVE-2018-1000838?
To fix CVE-2018-1000838, upgrade to a version of Autopsy that is greater than 4.9.0.
What type of vulnerability is CVE-2018-1000838?
CVE-2018-1000838 is an XML External Entity (XXE) vulnerability affecting Autopsy's CaseMetadata XML Parser.
What are the potential impacts of CVE-2018-1000838?
Exploiting CVE-2018-1000838 can lead to disclosure of confidential data, denial of service, SSRF, and port scanning.
In which versions of Autopsy does CVE-2018-1000838 exist?
CVE-2018-1000838 affects all versions of Autopsy up to and including 4.9.0.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/type
- agent/softwarecombine
- agent/author
- agent/severity
- agent/tags
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- vendor/sleuthkit
- canonical/sleuthkit autopsy
- version/sleuthkit autopsy/4.9.0