Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2014-0225

Опубликовано: 25 мая 2017
Источник: nvd
CVSS3: 8.8
CVSS2: 6.8
EPSS Низкий

Описание

When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:pivotal_software:spring_framework:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_framework:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_framework:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_framework:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.0.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.0.6:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.0.7:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.1.0:rc2:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.1.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.1.4:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.2.0:rc2-a:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.2.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.2.4:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.2.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.2.6:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.2.7:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.2.8:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:4.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:4.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:4.0.4:*:*:*:*:*:*:*

EPSS

Процентиль: 52%
0.00291
Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-611

Связанные уязвимости

ubuntu логотип

CVE-2014-0225

CVSS3: 8.8
ubuntu
около 8 лет назад

When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack.

redhat логотип

CVE-2014-0225

redhat
около 11 лет назад

When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack.

debian логотип

CVE-2014-0225

CVSS3: 8.8
debian
около 8 лет назад

When processing user provided XML documents, the Spring Framework 4.0. ...

github логотип

GHSA-f93f-g33r-8pcp

CVSS3: 8.8
github
около 3 лет назад

Improper Restriction of XML External Entity Reference in Spring Framework

EPSS

Процентиль: 52%
0.00291
Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-611