Lucene search
RedhatCVELIST:CVE-2014-0054HistoryApr 17, 2014 - 2:00 p.m.
CVE-2014-0054
2014-04-1714:00:00
redhat
www.cve.org
The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.
Related
github
github
Cross-Site Request Forgery in Spring Framework
2022-05-13 01:02:38
Cross-Site Request Forgery in Spring Framework
2022-05-13 01:02:39
Missing XML Validation in Spring Framework
2022-05-13 01:02:38
nvd
nvd
cve
cve
ubuntucve
ubuntucve
debiancve
debiancve
osv
osv
Cross-Site Request Forgery in Spring Framework
2022-05-13 01:02:38
Cross-Site Request Forgery in Spring Framework
2022-05-13 01:02:39
Missing XML Validation in Spring Framework
2022-05-13 01:02:38
cvelist
cvelist
ibm
ibm
securityvulns
securityvulns
openvas
openvas
Debian: Security Advisory (DSA-2842-1)
2014-01-12 00:00:00
Mageia: Security Advisory (MGASA-2014-0096)
2022-01-28 00:00:00
debian
debian
[SECURITY] [DSA 2857-1] libspring-java security update
2014-02-08 14:41:58
[SECURITY] [DSA 2842-1] libspring-java security update
2014-01-13 16:06:06
[SECURITY] [DSA 2890-1] libspring-java security update
2014-03-29 19:21:40
mageia
mageia
Updated springframework package fixes security vulnerabilities
2014-02-26 01:35:01
Updated springframework packages fix CVE-2013-4152
2014-02-10 23:51:48
Updated springframework packages fix multiple vulnerabilities
2014-04-03 05:07:29
nessus
nessus
Debian DSA-2857-1 : libspring-java - several vulnerabilities
2014-02-10 00:00:00
Debian DSA-2842-1 : libspring-java - denial of service
2014-01-14 00:00:00
RHEL 7 : activemq (Unpatched Vulnerability)
2024-06-03 00:00:00
checkpoint_advisories
checkpoint_advisories
redhat
redhat
(RHSA-2014:0401) Moderate: Red Hat JBoss A-MQ 6.1.0 update
2014-04-14 13:36:41
(RHSA-2014:0212) Moderate: Red Hat JBoss SOA Platform 5.3.1 update
2014-02-25 16:33:00
(RHSA-2014:0400) Moderate: Red Hat JBoss Fuse 6.1.0 update
2014-04-14 00:00:00
oracle
oracle
Oracle Critical Patch Update - April 2018
2018-04-17 00:00:00