Pre-auth XXE → HTTP SSRF on ArubaOS 8.13.2 closed as “theoretical / no valid PoC” despite TCP pcap, sshd localhost log, and internal port scan — documenting for community review

News
Yanac

Pre-auth XXE on ArubaOS 8.13.2 port 32000 (default-xml-api, no auth required). Evidence: TCP pcap + sshd 127.0.0.1 log + 9 internal ports via SSRF. Closed as “theoretical / no valid PoC.” Full writeup + PoC + pcap on GitHub. submitted by /u/Pale_Surround_3924 [link] [comments]Technical Information Security Content & DiscussionRead More