CVE-2014-0030

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2014-0030
The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity (XXE) attacks via unspecified vectors.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
https://liftsecurity.io/advisories/Apache_Roller_XML-RPC_susceptible_to_XXE/ Third Party Advisory URL Repurposed
https://mail-archives.apache.org/mod_mbox/roller-dev/201401.mbox/%3CCAF1aazCMzDGB12Ls4t-SOwNA=OdguD010LX3yZGhk2GQHafFXw%40mail.gmail.com%3E
https://www.exploit-db.com/exploits/45341/ Exploit Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apache:roller:3.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:roller:4.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:roller:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:roller:5.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:roller:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:roller:5.0.2:*:*:*:*:*:*:*
History

14 Feb 2024, 01:17

Type Values Removed Values Added
References () https://liftsecurity.io/advisories/Apache_Roller_XML-RPC_susceptible_to_XXE/ - Third Party Advisory () https://liftsecurity.io/advisories/Apache_Roller_XML-RPC_susceptible_to_XXE/ - Third Party Advisory, URL Repurposed

07 Nov 2023, 02:18

Type Values Removed Values Added
References
  • {'url': 'https://mail-archives.apache.org/mod_mbox/roller-dev/201401.mbox/%3CCAF1aazCMzDGB12Ls4t-SOwNA=OdguD010LX3yZGhk2GQHafFXw@mail.gmail.com%3E', 'name': '[roller-dev] 20140111 CVE-2014-0030 Apache Roller XML-RPC susceptible to XML Entended Entity attacks', 'tags': ['Mailing List', 'Vendor Advisory'], 'refsource': 'MLIST'}
  • () https://mail-archives.apache.org/mod_mbox/roller-dev/201401.mbox/%3CCAF1aazCMzDGB12Ls4t-SOwNA=OdguD010LX3yZGhk2GQHafFXw%40mail.gmail.com%3E -
Information

Published : 2017-10-10 01:30

Updated : 2024-02-14 01:17

NVD link : CVE-2014-0030

Mitre link : CVE-2014-0030

CVE.ORG link : CVE-2014-0030

JSON object : View

Products Affected

apache

  • roller
CWE
CWE-611

Improper Restriction of XML External Entity Reference