exploitDog

CVE-2014-0030

Опубликовано: 10 окт. 2017

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Средний

Описание

The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity (XXE) attacks via unspecified vectors.

Ссылки

https://liftsecurity.io/advisories/Apache_Roller_XML-RPC_susceptible_to_XXE/
Third Party Advisory
URL Repurposed
https://mail-archives.apache.org/mod_mbox/roller-dev/201401.mbox/%3CCAF1aazCMzDGB12Ls4t-SOwNA=OdguD010LX3yZGhk2GQHafFXw%40mail.gmail.com%3E
https://www.exploit-db.com/exploits/45341/
Exploit
Third Party Advisory
VDB Entry
https://liftsecurity.io/advisories/Apache_Roller_XML-RPC_susceptible_to_XXE/
Third Party Advisory
URL Repurposed
https://mail-archives.apache.org/mod_mbox/roller-dev/201401.mbox/%3CCAF1aazCMzDGB12Ls4t-SOwNA=OdguD010LX3yZGhk2GQHafFXw%40mail.gmail.com%3E
https://www.exploit-db.com/exploits/45341/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apache:roller:3.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:roller:4.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:roller:4.0.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:roller:5.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:roller:5.0.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:roller:5.0.2:*:*:*:*:*:*:*

EPSS

Процентиль: 96%

0.29063

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-611

Связанные уязвимости

GHSA-2p7r-hc45-r2qc

CVSS3: 9.8

github

больше 3 лет назад

The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity (XXE) attacks via unspecified vectors.

EPSS

Процентиль: 96%

0.29063

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-611