Description

Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an XXE attack in a REST API HTTP request. This affects use of the Jax-rs extension.

Remediation

References

CVE-2017-14868

Related Vulnerabilities

ownCloud Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-3836)

Nexus Repository Manager Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2019-5475)

WordPress Plugin Import any XML or CSV File to WordPress Pro Multiple Vulnerabilities (4.1.1)

LimeSurvey Incorrect Default Permissions Vulnerability (CVE-2019-16185)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2012-2376)

Severity

High

Classification

CVE-2017-14868 CWE-611 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities