The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity (XXE) attacks via unspecified vectors.
References
Link | Resource |
---|---|
https://liftsecurity.io/advisories/Apache_Roller_XML-RPC_susceptible_to_XXE/ | Third Party Advisory URL Repurposed |
https://mail-archives.apache.org/mod_mbox/roller-dev/201401.mbox/%3CCAF1aazCMzDGB12Ls4t-SOwNA=OdguD010LX3yZGhk2GQHafFXw%40mail.gmail.com%3E | |
https://www.exploit-db.com/exploits/45341/ | Exploit Third Party Advisory VDB Entry |
https://liftsecurity.io/advisories/Apache_Roller_XML-RPC_susceptible_to_XXE/ | Third Party Advisory URL Repurposed |
https://mail-archives.apache.org/mod_mbox/roller-dev/201401.mbox/%3CCAF1aazCMzDGB12Ls4t-SOwNA=OdguD010LX3yZGhk2GQHafFXw%40mail.gmail.com%3E | |
https://www.exploit-db.com/exploits/45341/ | Exploit Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 02:01
Type | Values Removed | Values Added |
---|---|---|
References | () https://liftsecurity.io/advisories/Apache_Roller_XML-RPC_susceptible_to_XXE/ - Third Party Advisory, URL Repurposed | |
References | () https://mail-archives.apache.org/mod_mbox/roller-dev/201401.mbox/%3CCAF1aazCMzDGB12Ls4t-SOwNA=OdguD010LX3yZGhk2GQHafFXw%40mail.gmail.com%3E - | |
References | () https://www.exploit-db.com/exploits/45341/ - Exploit, Third Party Advisory, VDB Entry |
14 Feb 2024, 01:17
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://liftsecurity.io/advisories/Apache_Roller_XML-RPC_susceptible_to_XXE/ - Third Party Advisory, URL Repurposed |
07 Nov 2023, 02:18
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2017-10-10 01:30
Updated : 2024-11-21 02:01
NVD link : CVE-2014-0030
Mitre link : CVE-2014-0030
CVE.ORG link : CVE-2014-0030
JSON object : View
Products Affected
apache
- roller
CWE
CWE-611
Improper Restriction of XML External Entity Reference