SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web based applications on servers.
SERVER-WEBAPP SugarCRM RSSDashlet XML external entity information disclosure attempt
This event is generated when an XML input containing a reference to an external entity is sent in response a SugarCRM RSSDashlet request Impact: Information Disclosure Details: SugarCRM RSSDashlet allows a remote authenticated user to request an RSS feed. If the RSS feed contains a reference to an external entity, for example 'file://', the webserver once it parses the XML, will disclose contents of the specified file through the web application dashlet. Ease of Attack:
No information provided
No public information
Known false positives, with the described conditions
The request for an XML file containing a reference to an external entity is not unique to SugarCRM and general usage is legit usage of an external entity. However, it is highly discouraged to enable this feature during XML parsing due to the many security issues regarding external entity references.
Cisco Talos Intelligence Group
No rule groups
None
No information provided
None