CVE-2014-0030 - XXE vulnerability in Apache Roller
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | HIGH |
Integrity impact | HIGH |
Availability impact | HIGH |
Summary
The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity (XXE) attacks via unspecified vectors.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 6 |
Common Weakness Enumeration (CWE)
D2sec
name | Apache Roller File Disclosure |
url | http://www.d2sec.com/exploits/apache_roller_file_disclosure.html |
Exploit-Db
description | Apache Roller 5.0.3 - XML External Entity Injection (File Disclosure). CVE-2014-0030. Webapps exploit for Linux platform. Tags: XML External Entity (XXE) |
file | exploits/linux/webapps/45341.py |
id | EDB-ID:45341 |
last seen | 2018-10-07 |
modified | 2018-09-06 |
platform | linux |
port | |
published | 2018-09-06 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/45341/ |
title | Apache Roller 5.0.3 - XML External Entity Injection (File Disclosure) |
type | webapps |
Packetstorm
data source | https://packetstormsecurity.com/files/download/149257/apacheroller503-xxe.txt |
id | PACKETSTORM:149257 |
last seen | 2018-09-06 |
published | 2018-09-06 |
reporter | Marko Jokic |
source | https://packetstormsecurity.com/files/149257/Apache-Roller-5.0.3-XML-Injection-File-Disclosure.html |
title | Apache Roller 5.0.3 XML Injection / File Disclosure |
References
- https://liftsecurity.io/advisories/Apache_Roller_XML-RPC_susceptible_to_XXE/
- https://mail-archives.apache.org/mod_mbox/roller-dev/201401.mbox/%3CCAF1aazCMzDGB12Ls4t-SOwNA=OdguD010LX3yZGhk2GQHafFXw%40mail.gmail.com%3E
- https://www.exploit-db.com/exploits/45341/