Vulnerabilities > CVE-2014-0030 - XXE vulnerability in Apache Roller
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity (XXE) attacks via unspecified vectors.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 6 |
Common Weakness Enumeration (CWE)
D2sec
| name | Apache Roller File Disclosure |
| url | http://www.d2sec.com/exploits/apache_roller_file_disclosure.html |
Exploit-Db
| description | Apache Roller 5.0.3 - XML External Entity Injection (File Disclosure). CVE-2014-0030. Webapps exploit for Linux platform. Tags: XML External Entity (XXE) |
| file | exploits/linux/webapps/45341.py |
| id | EDB-ID:45341 |
| last seen | 2018-10-07 |
| modified | 2018-09-06 |
| platform | linux |
| port | |
| published | 2018-09-06 |
| reporter | Exploit-DB |
| source | https://www.exploit-db.com/download/45341/ |
| title | Apache Roller 5.0.3 - XML External Entity Injection (File Disclosure) |
| type | webapps |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/149257/apacheroller503-xxe.txt |
| id | PACKETSTORM:149257 |
| last seen | 2018-09-06 |
| published | 2018-09-06 |
| reporter | Marko Jokic |
| source | https://packetstormsecurity.com/files/149257/Apache-Roller-5.0.3-XML-Injection-File-Disclosure.html |
| title | Apache Roller 5.0.3 XML Injection / File Disclosure |