SecuritySpace - CVE-2013-3925

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2013-3925

Description: Atlassian Crowd 2.5.x before 2.5.4, 2.6.x before 2.6.3, 2.3.8, and 2.4.9 allows remote attackers to read arbitrary files and send HTTP requests to intranet servers via a request to (1) /services/2 or (2) services/latest with a DTD containing an XML external entity declaration in conjunction with an entity reference.

Test IDs: 1.3.6.1.4.1.25623.1.0.803830

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2013-3925
http://www.commandfive.com/papers/C5_TA_2013_3925_AtlassianCrowd.pdf

CVE ID:	CVE-2013-3925
Description:	Atlassian Crowd 2.5.x before 2.5.4, 2.6.x before 2.6.3, 2.3.8, and 2.4.9 allows remote attackers to read arbitrary files and send HTTP requests to intranet servers via a request to (1) /services/2 or (2) services/latest with a DTD containing an XML external entity declaration in conjunction with an entity reference.
Test IDs:	1.3.6.1.4.1.25623.1.0.803830
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2013-3925 http://www.commandfive.com/papers/C5_TA_2013_3925_AtlassianCrowd.pdf