CVE-2014-0225
Framework: Information disclosure via SSRF
Public Exploits: 0
Exploited in Wild: -
Descriptions
When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack.
It was found that the Spring Framework did not, by default, disable the resolution of URI references in a DTD declaration when processing user-provided XML documents. By observing differences in response times, an attacker could identify valid IP addresses on the internal network with functioning web servers.
Timeline
- 2013-12-03 CVE Reserved
- 2014-10-02 CVE Published
- 2024-02-05 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-611: Improper Restriction of XML External Entity Reference
References (3)
URL | Date | SRC |
---|---|---|
https://pivotal.io/security/cve-2014-0225 | 2022-04-11 | |
https://access.redhat.com/security/cve/CVE-2014-0225 | 2014-10-01 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1110110 | 2014-10-01 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Pivotal Software | Spring Framework | 3.0.0 | - | Affected |
Pivotal Software | Spring Framework | 3.1.0 | - | Affected |
Pivotal Software | Spring Framework | 3.2.0 | - | Affected |
Pivotal Software | Spring Framework | 4.0.0 | - | Affected |
VMware | Spring Framework | 3.0.1 | - | Affected |
VMware | Spring Framework | 3.0.2 | - | Affected |
VMware | Spring Framework | 3.0.3 | - | Affected |
VMware | Spring Framework | 3.0.4 | - | Affected |
VMware | Spring Framework | 3.0.5 | - | Affected |
VMware | Spring Framework | 3.0.6 | - | Affected |
VMware | Spring Framework | 3.0.7 | - | Affected |
VMware | Spring Framework | 3.1.0 | rc1 | Affected |
VMware | Spring Framework | 3.1.0 | rc2 | Affected |
VMware | Spring Framework | 3.1.1 | - | Affected |
VMware | Spring Framework | 3.1.2 | - | Affected |
VMware | Spring Framework | 3.1.3 | - | Affected |
VMware | Spring Framework | 3.1.4 | - | Affected |
VMware | Spring Framework | 3.2.0 | rc1 | Affected |
VMware | Spring Framework | 3.2.0 | rc2 | Affected |
VMware | Spring Framework | 3.2.0 | rc2-a | Affected |
VMware | Spring Framework | 3.2.1 | - | Affected |
VMware | Spring Framework | 3.2.2 | - | Affected |
VMware | Spring Framework | 3.2.3 | - | Affected |
VMware | Spring Framework | 3.2.4 | - | Affected |
VMware | Spring Framework | 3.2.5 | - | Affected |
VMware | Spring Framework | 3.2.6 | - | Affected |
VMware | Spring Framework | 3.2.7 | - | Affected |
VMware | Spring Framework | 3.2.8 | - | Affected |
VMware | Spring Framework | 4.0.0 | rc1 | Affected |
VMware | Spring Framework | 4.0.0 | rc2 | Affected |
VMware | Spring Framework | 4.0.1 | - | Affected |
VMware | Spring Framework | 4.0.2 | - | Affected |
VMware | Spring Framework | 4.0.3 | - | Affected |
VMware | Spring Framework | 4.0.4 | - | Affected |