Description

The XML_RPC_cd function in lib/pear/XML/RPC.php in Revive Adserver before 3.0.6 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted XML-RPC request, aka an XML Entity Expansion (XEE) attack.

Remediation

References

CVE-2014-8875

Related Vulnerabilities

Frontaccounting Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3740)

WordPress 5.4.x Multiple Vulnerabilities (5.4 - 5.4.11)

WordPress Plugin AffiliateWP Cross-Site Scripting (2.0.9)

Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-5491)

ownCloud Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-9049)

Severity

Medium

Classification

CVE-2014-8875

Tags

Missing Update Known Vulnerabilities