CVE-2011-3600 is a vulnerability in Apache OFBiz
Published on November 26, 2019
The /webtools/control/xmlrpc endpoint in the OFBiz XML-RPC event handler is exposed to External Entity Injection: passing DOCTYPE declarations with executable payloads discloses the contents of files in the filesystem. In addition, it can be used to probe for open network ports and to figure out from returned error messages whether a file exists or not. This affects OFBiz 16.11.01 to 16.11.04.
Products Associated with CVE-2011-3600
Affected Versions
OFBiz versions 16.11.01 to 16.11.04 are affected by CVE-2011-3600.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.