OpenDaylight 1.0 Netconf Service XML External Entity (XXE) Vulnerability

OpenDaylight 1.0 Netconf Service XML External Entity (XXE) Vulnerability

CVE-2014-5035 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

The Netconf (TCP) service in OpenDaylight 1.0 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference in an XML-RPC message, related to an XML External Entity (XXE) issue.

Learn more about our External Network Penetration Testing.