CVE-2014-1868
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 06/10/2014
Last modified: 12/04/2025
Description
Restlet Framework 2.1.x before 2.1.7 and 2.x.x before 2.2 RC1, when using XMLRepresentation or XML serializers, allows attackers to cause a denial of service via an XML Entity Expansion (XEE) attack.
Impact
Base Score 2.0: 5.00
Severity 2.0: MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:restlet:restlet_framework:*:milestone6:*:*:*:*:*:* | 2.2 (including) | |
| cpe:2.3:a:restlet:restlet_framework:2.1.0:*:*:*:*:*:*:* | | |
| cpe:2.3:a:restlet:restlet_framework:2.1.1:*:*:*:*:*:*:* | | |
| cpe:2.3:a:restlet:restlet_framework:2.1.2:*:*:*:*:*:*:* | | |
| cpe:2.3:a:restlet:restlet_framework:2.1.3:*:*:*:*:*:*:* | | |
| cpe:2.3:a:restlet:restlet_framework:2.1.4:*:*:*:*:*:*:* | | |
| cpe:2.3:a:restlet:restlet_framework:2.1.5:*:*:*:*:*:*:* | | |
| cpe:2.3:a:restlet:restlet_framework:2.1.6:*:*:*:*:*:*:* | | |
| cpe:2.3:a:restlet:restlet_framework:2.2:milestone1:*:*:*:*:*:* | | |
| cpe:2.3:a:restlet:restlet_framework:2.2:milestone2:*:*:*:*:*:* | | |
| cpe:2.3:a:restlet:restlet_framework:2.2:milestone3:*:*:*:*:*:* | | |
| cpe:2.3:a:restlet:restlet_framework:2.2:milestone4:*:*:*:*:*:* | | |
| cpe:2.3:a:restlet:restlet_framework:2.2:milestone5:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- http://secunia.com/advisories/56940
- https://exchange.xforce.ibmcloud.com/vulnerabilities/91181
- https://github.com/restlet/restlet-framework-java/wiki/XEE-security-enhancements



