CVE-2014-0030: XEE
First published: Mon Oct 09 2017(Updated: )
The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity (XXE) attacks via unspecified vectors.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Roller | =3.1 | |
| Apache Roller | =4.0 | |
| Apache Roller | =4.0.1 | |
| Apache Roller | =5.0 | |
| Apache Roller | =5.0.1 | |
| Apache Roller | =5.0.2 | |
| =3.1 | ||
| =4.0 | ||
| =4.0.1 | ||
| =5.0 | ||
| =5.0.1 | ||
| =5.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://liftsecurity.io/advisories/Apache_Roller_XML-RPC_susceptible_to_XXE/
- https://mail-archives.apache.org/mod_mbox/roller-dev/201401.mbox/%3CCAF1aazCMzDGB12Ls4t-SOwNA=OdguD010LX3yZGhk2GQHafFXw@mail.gmail.com%3E
- https://www.exploit-db.com/exploits/45341/
- https://mail-archives.apache.org/mod_mbox/roller-dev/201401.mbox/%3CCAF1aazCMzDGB12Ls4t-SOwNA=OdguD010LX3yZGhk2GQHafFXw%40mail.gmail.com%3E
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/author
- agent/last-modified-date
- agent/references
- agent/severity
- agent/weakness
- agent/description
- agent/softwarecombine
- agent/tags
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/apache
- canonical/apache roller
- version/apache roller/3.1
- version/apache roller/4.0
- version/apache roller/4.0.1
- version/apache roller/5.0
- version/apache roller/5.0.1
- version/apache roller/5.0.2