CVE-2011-3600
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2011-3600
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler is exposed to External Entity Injection by passing DOCTYPE declarations with executable payloads that discloses the contents of files in the filesystem. In addition, it can also be used to probe for open network ports, and figure out from returned error messages whether a file exists or not. This affects OFBiz 16.11.01 to 16.11.04.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Apache OFBiz XML-RPC event handler 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Apache OFBiz是美国阿帕奇(Apache)软件基金会的一套企业资源计划(ERP)系统。该系统提供了一整套基于Java的Web应用程序组件和工具。XML-RPC event handler是其中的一个XML-RPC(远程过程调用的分布式计算协议)事件处理程序。 Apache OFBiz 16.11.01版本至16.11.04版本中的XML-RPC event handler的/webtools/control/xmlrpc端点存在安全漏洞。攻击者可利用该漏洞泄露文件系统中的文件内容,探查开放的网络
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
II. Public POCs for CVE-2011-3600
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler is exposed to External Entity Injection by passing DOCTYPE declarations with executable payloads that discloses the contents of files in the filesystem. In addition, it can also be used to probe for open network ports, and figure out from returned error messages whether a file exists or not. This affects OFBiz 16.11.01 to 16.11.04. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2011/CVE-2011-3600.yaml | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2011-3600
Please Login to view more intelligence information
- https://security-tracker.debian.org/tracker/CVE-2011-3600x_refsource_MISC
- https://access.redhat.com/security/cve/cve-2011-3600x_refsource_MISC
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3600x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2011-3600
IV. Related Vulnerabilities
V. Comments for CVE-2011-3600
No comments yet