CVE-2014-3004

The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XML document.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:castor_project:castor:*:*:*:*:*:*:*:*
cpe:2.3:a:castor_project:castor:1.3:*:*:*:*:*:*:*
cpe:2.3:a:castor_project:castor:1.3.1:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse_project:opensuse:12.3:*:*:*:*:*:*:*

History

20 Oct 2021, 11:15

Type Values Removed Values Added
References
  • (MISC) https://www.oracle.com/security-alerts/cpuoct2021.html -

Information

Published : 2014-06-11 14:55

Updated : 2024-02-04 18:35


NVD link : CVE-2014-3004

Mitre link : CVE-2014-3004

CVE.ORG link : CVE-2014-3004


JSON object : View

Products Affected

opensuse_project

  • opensuse

castor_project

  • castor

opensuse

  • opensuse
CWE
CWE-611

Improper Restriction of XML External Entity Reference