CVE-2014-5035
NONE EPSS 82.7%
Published Aug 26, 201411y ago · Modified Jun 17, 20262w ago
Published Aug 26, 2014 11y ago
Last Modified Jun 17, 2026 2w ago
Description
The Netconf (TCP) service in OpenDaylight 1.0 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference in an XML-RPC message, related to an XML External Entity (XXE) issue.
Threat Intelligence
EPSS Exploit Probability
82.7% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| opendaylight | opendaylight | 1.0 | any |
References 4
- packetstormsecurity.com http://packetstormsecurity.com/files/127843/Opendaylight-1.0-Local-File-Inclusion-Remote-File-Inclusion.html
- seclists.org http://seclists.org/fulldisclosure/2014/Aug/34
- securityfocus.com http://www.securityfocus.com/archive/1/533114/100/0/threaded
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/95254
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.