CVSS: 9.8EPSS: 2%CPEs: 10EXPL: 1CVE-2014-2228
https://notcve.org/view.php?id=CVE-2014-2228
19 Feb 2020 — The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote attackers to execute arbitrary code via unsafe deserialization of XML messages. La extensión XStream en HP Fortify SCA versiones anteriores a 2.2 RC3, permite a atacantes remotos ejecutar código arbitrario por medio de una deserialización no segura de mensajes XML. • https://web.archive.org/web/20140425095352/http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Remote-code-execution-and-XML-Entity-Expansion-injection/ba-p/6403370 • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14868
https://notcve.org/view.php?id=CVE-2017-14868
30 Nov 2017 — Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an XXE attack in a REST API HTTP request. This affects use of the Jax-rs extension. Las versiones anteriores a la 2.3.11 de Restlet Framework, al emplear SimpleXMLProvider, permiten que atacantes remotos acedan a archivos arbitrarios mediante un ataque de XXE en una petición HTTP de la API REST. Esto afecta al uso de la extensión Jax-rs. • https://github.com/restlet/restlet-framework-java/issues/1286 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2017-14949
https://notcve.org/view.php?id=CVE-2017-14949
30 Nov 2017 — Restlet Framework before 2.3.12 allows remote attackers to access arbitrary files via a crafted REST API HTTP request that conducts an XXE attack, because only general external entities (not parameter external entities) are properly considered. This is related to XmlRepresentation, DOMRepresentation, SaxRepresentation, and JacksonRepresentation. Las versiones anteriores a la 2.3.12 de Restlet Framework permiten que atacantes remotos accedan a archivos arbitrarios mediante una petición HTTP de la API REST qu... • https://github.com/restlet/restlet-framework-java/wiki/XEE-security-enhancements • CWE-611: Improper Restriction of XML External Entity Reference •