The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XML document.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
20 Oct 2021, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2014-06-11 14:55
Updated : 2024-02-04 18:35
NVD link : CVE-2014-3004
Mitre link : CVE-2014-3004
CVE.ORG link : CVE-2014-3004
JSON object : View
Products Affected
opensuse_project
- opensuse
castor_project
- castor
opensuse
- opensuse
CWE
CWE-611
Improper Restriction of XML External Entity Reference