Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2014-3630

Опубликовано: 29 дек. 2017
Источник: nvd
CVSS3: 9.8
CVSS2: 7.5
EPSS Низкий

Описание

XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:lightbend:play_framework:2.2.0:-:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.2.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.2.0:milestone2:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.2.0:milestone3:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.2.1:-:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.2.2:-:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.3.0:-:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.3.0:rc1:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.3.0:rc2:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.3.2:-:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.3.2:rc1:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.3.2:rc2:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:playframework:play_framework:2.2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:playframework:play_framework:2.2.1:rc1:*:*:*:*:*:*
cpe:2.3:a:playframework:play_framework:2.2.2:rc1:*:*:*:*:*:*
cpe:2.3:a:playframework:play_framework:2.2.2:rc2:*:*:*:*:*:*
cpe:2.3:a:playframework:play_framework:2.2.2:rc3:*:*:*:*:*:*
cpe:2.3:a:playframework:play_framework:2.2.2:rc4:*:*:*:*:*:*
cpe:2.3:a:playframework:play_framework:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:playframework:play_framework:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:playframework:play_framework:2.2.5:*:*:*:*:*:*:*

EPSS

Процентиль: 72%
0.00708
Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-611

Связанные уязвимости

github логотип

GHSA-xpw4-hqm8-rj97

CVSS3: 9.8
github
больше 3 лет назад

XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data.

EPSS

Процентиль: 72%
0.00708
Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-611