CVE-2014-3630

XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:lightbend:play_framework:2.2.0:-:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.2.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.2.0:milestone2:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.2.0:milestone3:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.2.1:-:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.2.2:-:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.3.0:-:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.3.0:rc1:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.3.0:rc2:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.3.2:-:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.3.2:rc1:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.3.2:rc2:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:lightbend:play_framework:2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:playframework:play_framework:2.2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:playframework:play_framework:2.2.1:rc1:*:*:*:*:*:*
cpe:2.3:a:playframework:play_framework:2.2.2:rc1:*:*:*:*:*:*
cpe:2.3:a:playframework:play_framework:2.2.2:rc2:*:*:*:*:*:*
cpe:2.3:a:playframework:play_framework:2.2.2:rc3:*:*:*:*:*:*
cpe:2.3:a:playframework:play_framework:2.2.2:rc4:*:*:*:*:*:*
cpe:2.3:a:playframework:play_framework:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:playframework:play_framework:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:playframework:play_framework:2.2.5:*:*:*:*:*:*:*

History

21 Nov 2024, 02:08

Type Values Removed Values Added
References () https://groups.google.com/forum/#%21msg/play-framework/7uNX_ImTW08/AogWSjsTAyQJ - () https://groups.google.com/forum/#%21msg/play-framework/7uNX_ImTW08/AogWSjsTAyQJ -
References () https://groups.google.com/forum/#%21topic/play-framework/WdbFvemsFDQ - () https://groups.google.com/forum/#%21topic/play-framework/WdbFvemsFDQ -
References () https://infocon.org/cons/SyScan/SyScan%202015%20Singapore/SyScan%202015%20Singapore%20presentations/SyScan15%20David%20Jorm%20-%20Finding%20and%20exploiting%20novel%20flaws%20in%20Java%20software.pdf - Issue Tracking, Third Party Advisory () https://infocon.org/cons/SyScan/SyScan%202015%20Singapore/SyScan%202015%20Singapore%20presentations/SyScan15%20David%20Jorm%20-%20Finding%20and%20exploiting%20novel%20flaws%20in%20Java%20software.pdf - Issue Tracking, Third Party Advisory
References () https://playframework.com/security/vulnerability/CVE-2014-3630-XmlExternalEntity - Issue Tracking, Mitigation, Vendor Advisory () https://playframework.com/security/vulnerability/CVE-2014-3630-XmlExternalEntity - Issue Tracking, Mitigation, Vendor Advisory

07 Nov 2023, 02:20

Type Values Removed Values Added
References
  • {'url': 'https://groups.google.com/forum/#!msg/play-framework/7uNX_ImTW08/AogWSjsTAyQJ', 'name': 'https://groups.google.com/forum/#!msg/play-framework/7uNX_ImTW08/AogWSjsTAyQJ', 'tags': ['Third Party Advisory'], 'refsource': 'CONFIRM'}
  • {'url': 'https://groups.google.com/forum/#!topic/play-framework/WdbFvemsFDQ', 'name': 'https://groups.google.com/forum/#!topic/play-framework/WdbFvemsFDQ', 'tags': ['Third Party Advisory'], 'refsource': 'CONFIRM'}
  • () https://groups.google.com/forum/#%21topic/play-framework/WdbFvemsFDQ -
  • () https://groups.google.com/forum/#%21msg/play-framework/7uNX_ImTW08/AogWSjsTAyQJ -

Information

Published : 2017-12-29 22:29

Updated : 2024-11-21 02:08


NVD link : CVE-2014-3630

Mitre link : CVE-2014-3630

CVE.ORG link : CVE-2014-3630


JSON object : View

Products Affected

lightbend

  • play_framework

playframework

  • play_framework
CWE
CWE-611

Improper Restriction of XML External Entity Reference