CVE-2017-14868

Name of the Vulnerable Software and Affected Versions Restlet Framework versions prior to 2.3.11

Description The issue allows remote attackers to access arbitrary files via an XXE attack in a REST API HTTP request, specifically when using SimpleXMLProvider with the Jax-rs extension.

Recommendations For versions prior to 2.3.11, update to version 2.3.11 or later to resolve the issue. As a temporary workaround, consider disabling the SimpleXMLProvider until a patch is available. Restrict access to sensitive files and directories to minimize the risk of exploitation.