Lucene search

[email protected]CVE-2014-3630

HistoryDec 29, 2017 - 10:29 p.m.

CVE-2014-3630

2017-12-2922:29:00

CWE-611

[email protected]

web.nvd.nist.gov

cve-2014-3630

xml external entity

xxe

vulnerability

java

xml processing

play

denial of service

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.2%

JSON

XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data.

Affected configurations

NVD

Node

lightbendplay_frameworkMatch2.2.0-

lightbendplay_frameworkMatch2.2.0milestone1

lightbendplay_frameworkMatch2.2.0milestone2

lightbendplay_frameworkMatch2.2.0milestone3

lightbendplay_frameworkMatch2.2.1-

lightbendplay_frameworkMatch2.2.2-

lightbendplay_frameworkMatch2.3.0-

lightbendplay_frameworkMatch2.3.0rc1

lightbendplay_frameworkMatch2.3.0rc2

lightbendplay_frameworkMatch2.3.1

lightbendplay_frameworkMatch2.3.2-

lightbendplay_frameworkMatch2.3.2rc1

lightbendplay_frameworkMatch2.3.2rc2

lightbendplay_frameworkMatch2.3.3

lightbendplay_frameworkMatch2.3.4

playframeworkplay_frameworkMatch2.2.0rc1

playframeworkplay_frameworkMatch2.2.1rc1

playframeworkplay_frameworkMatch2.2.2rc1

playframeworkplay_frameworkMatch2.2.2rc2

playframeworkplay_frameworkMatch2.2.2rc3

playframeworkplay_frameworkMatch2.2.2rc4

playframeworkplay_frameworkMatch2.2.3

playframeworkplay_frameworkMatch2.2.4

playframeworkplay_frameworkMatch2.2.5

CPENameOperatorVersion
lightbend:play_frameworklightbend play frameworkeq2.2.0
lightbend:play_frameworklightbend play frameworkeq2.2.1
lightbend:play_frameworklightbend play frameworkeq2.2.2
lightbend:play_frameworklightbend play frameworkeq2.3.0
lightbend:play_frameworklightbend play frameworkeq2.3.1
lightbend:play_frameworklightbend play frameworkeq2.3.2
lightbend:play_frameworklightbend play frameworkeq2.3.3
lightbend:play_frameworklightbend play frameworkeq2.3.4
playframework:play_frameworkplayframework play frameworkeq2.2.0
playframework:play_frameworkplayframework play frameworkeq2.2.1

CPE	Name	Operator	Version
lightbend:play_framework	lightbend play framework	eq	2.2.0
lightbend:play_framework	lightbend play framework	eq	2.2.1
lightbend:play_framework	lightbend play framework	eq	2.2.2
lightbend:play_framework	lightbend play framework	eq	2.3.0
lightbend:play_framework	lightbend play framework	eq	2.3.1
lightbend:play_framework	lightbend play framework	eq	2.3.2
lightbend:play_framework	lightbend play framework	eq	2.3.3
lightbend:play_framework	lightbend play framework	eq	2.3.4
playframework:play_framework	playframework play framework	eq	2.2.0
playframework:play_framework	playframework play framework	eq	2.2.1

Rows per page:

1-10 of 141

References

groups.google.com/forum/#%21msg/play-framework/7uNX_ImTW08/AogWSjsTAyQJ

groups.google.com/forum/#%21topic/play-framework/WdbFvemsFDQ

infocon.org/cons/SyScan/SyScan%202015%20Singapore/SyScan%202015%20Singapore%20presentations/SyScan15%20David%20Jorm%20-%20Finding%20and%20exploiting%20novel%20flaws%20in%20Java%20software.pdf

playframework.com/security/vulnerability/CVE-2014-3630-XmlExternalEntity

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.2%

JSON

Related for CVE-2014-3630

cvelist1 prion1 nvd1