Vulnerabilities > CVE-2014-1868 - Unspecified vulnerability in Restlet Framework

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

restlet

NVD

Published: 2014-10-06

Updated: 2017-08-29

Summary

Restlet Framework 2.1.x before 2.1.7 and 2.x.x before 2.2 RC1, when using XMLRepresentation or XML serializers, allows attackers to cause a denial of service via an XML Entity Expansion (XEE) attack. <a href="http://cwe.mitre.org/data/definitions/611.html" target="_blank">CWE-611: Improper Restriction of XML External Entity Reference ('XXE')</a>

Vulnerable Configurations

Part	Description	Count
Application	Restlet Restlet Restlet Framework 2.1.0 Restlet Restlet Framework 2.1.1 Restlet Restlet Framework 2.1.2 Restlet Restlet Framework 2.1.3 Restlet Restlet Framework 2.1.4 Restlet Restlet Framework 2.1.5 Restlet Restlet Framework 2.1.6 Restlet Restlet Framework 2.2 Restlet Restlet Framework *	13

Summary

Vulnerable Configurations

References