PT-2014-4332 · Restlet · Restlet Framework
Alvaro Munoz · Published 2014-10-06 · Updated 2018-10-17 · CVE-2014-1868
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
Restlet Framework versions 2.1.x through 2.1.7
Restlet Framework versions 2.x.x through 2.2 RC1
Description
The issue allows attackers to cause a denial of service via an XML Entity Expansion (XEE) attack when using XMLRepresentation or XML serializers.
Recommendations
For versions 2.1.x through 2.1.7, update to version 2.1.7 or later.
For versions 2.x.x through 2.2 RC1, update to version 2.2 RC1 or later.
Fix
XML Entity Expansion
Weakness Enumeration
Related Identifiers
Affected Products
Restlet Framework