The default configuration for the Xerces SAX Parser in Castor prior to 1.3.3 allows context-dependent malicious users to conduct XML External Entity (XXE) attacks via a crafted XML document.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
castor project castor 1.3 |
||
castor project castor |
||
castor project castor 1.3.1 |
||
opensuse project opensuse 12.3 |
||
opensuse opensuse 13.1 |