CVE Vulnerabilities

CVE-2014-1868

Published: Oct 06, 2014 | Modified: Aug 29, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu

Restlet Framework 2.1.x before 2.1.7 and 2.x.x before 2.2 RC1, when using XMLRepresentation or XML serializers, allows attackers to cause a denial of service via an XML Entity Expansion (XEE) attack.

Affected Software

Name Vendor Start Version End Version
Restlet_framework Restlet 2.1.1 2.1.1
Restlet_framework Restlet 2.1.2 2.1.2
Restlet_framework Restlet 2.1.0 2.1.0
Restlet_framework Restlet 2.2 2.2
Restlet_framework Restlet 2.1.6 2.1.6
Restlet_framework Restlet 2.2 2.2
Restlet_framework Restlet 2.1.4 2.1.4
Restlet_framework Restlet 2.1.3 2.1.3
Restlet_framework Restlet 2.2 2.2
Restlet_framework Restlet 2.1.5 2.1.5
Restlet_framework Restlet 2.2 2.2
Restlet_framework Restlet 2.2 2.2
Restlet_framework Restlet * 2.2

References