4.3
CVSSv2

CVE-2014-3004

Published: 11/06/2014 Updated: 20/10/2021
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

The default configuration for the Xerces SAX Parser in Castor prior to 1.3.3 allows context-dependent malicious users to conduct XML External Entity (XXE) attacks via a crafted XML document.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

castor project castor

castor project castor 1.3.1

castor project castor 1.3

opensuse project opensuse 12.3

opensuse opensuse 13.1

Exploits

source: wwwsecurityfocuscom/bid/67676/info Castor Library is prone to an information-disclosure vulnerability An attacker can exploit this issue to gain access to sensitive information that may lead to further attacks Caster Library 133-RC1 and earlier are vulnerable =========================================================== Pro ...

Mailing Lists

Castor Library version 133-RC1 suffers from a file disclosure vulnerability via XXE injection ...
Cisco WebEx Meetings Server suffers from an XML external entity injection vulnerability ...