53 matches found

Veracode
added 2019/07/12 6:19 a.m., 25 views

Arbitrary Code Execution

restlet is vulnerable to arbitrary code execution. A remote attacker is able to execute arbitrary Java code using a malicious XML document due to the default configuration of the ObjectRepresentation class which performs deserialization of objects from untrusted sources using the Java XMLDecoder...

CVSS 7.5, AI score 7.2, EPSS 0.02947
Exploits 0, References 6, Affected Software 1
Github Security Blog
added 2018/10/17 12:4 a.m., 34 views

Moderate severity vulnerability that affects org.restlet.jse:org.restlet

Restlet Framework 2.1.x before 2.1.7 and 2.x.x before 2.2 RC1, when using XMLRepresentation or XML serializers, allows attackers to cause a denial of service via an XML Entity Expansion (XEE) attack...

CVSS 5, AI score 6.2, EPSS 0.01336
Exploits 0, References 5, Affected Software 1
OSV
added 2018/10/17 12:4 a.m., 30 views

GHSA-2MP8-QVQM-3XWQ Restlet Framework Jax-rs extension is vulnerable to XXE when using SimpleXMLProvider

Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an XXE attack in a REST API HTTP request. This affects use of the Jax-rs extension...

CVSS 7.5, AI score 7.5, EPSS 0.02518
Exploits 0, References 6
Github Security Blog
added 2018/10/17 12:4 a.m., 38 views

Restlet Framework Jax-rs extension is vulnerable to XXE when using SimpleXMLProvider

Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an XXE attack in a REST API HTTP request. This affects use of the Jax-rs extension...

CVSS 7.5, AI score 7.3, EPSS 0.02518
Exploits 0, References 5, Affected Software 1
OSV
added 2018/10/17 12:4 a.m., 26 views

GHSA-CVJ4-G3GX-8VQQ Restlet Framework allows remote attackers to access arbitrary files via a crafted REST API HTTP request

Restlet Framework before 2.3.12 allows remote attackers to access arbitrary files via a crafted REST API HTTP request that conducts an XXE attack, because only general external entities (not parameter external entities) are properly considered. This is related to XmlRepresentation, DOMRepresentatio...

CVSS 7.5, AI score 7.4, EPSS 0.02406
Exploits 1, References 6
CNVD
added 2017/12/04 12:0 a.m., 3 views

Restlet Framework Arbitrary File Access Vulnerability (CNVD-2017-38241)

Restlet Framework is a lightweight REST framework from Restlet (United States). The framework can combine web sites and web services into unified web applications. Restlet Framework versions before 2.3.12 have a security vulnerability. Remote attackers can exploit the vulnerability to...

CVSS 7.5, AI score 6.9, EPSS 0.02406
Exploits 1, References 1
UbuntuCve
added 2017/11/30 6:29 p.m., 19 views

CVE-2017-14949

Restlet Framework before 2.3.12 allows remote attackers to access arbitrary files via a crafted REST API HTTP request that conducts an XXE attack, because only general external entities (not parameter external entities) are properly considered. This is related to XmlRepresentation, DOMRepresentatio...

CVSS 7.5, AI score 7.1, EPSS 0.02406
Exploits 1, References 3
OSV
added 2017/11/30 6:29 p.m., 1 views

UBUNTU-CVE-2017-14949

Restlet Framework before 2.3.12 allows remote attackers to access arbitrary files via a crafted REST API HTTP request that conducts an XXE attack, because only general external entities (not parameter external entities) are properly considered. This is related to XmlRepresentation, DOMRepresentatio...

CVSS 7.5, AI score 5.9, EPSS 0.02406
Exploits 1, References 4
UbuntuCve
added 2017/11/30 6:29 p.m., 62 views

CVE-2017-14868

Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an XXE attack in a REST API HTTP request. This affects use of the Jax-rs extension...

CVSS 7.5, AI score 7.2, EPSS 0.02518
Exploits 0, References 1
NVD
added 2017/11/30 6:29 p.m., 36 views

CVE-2017-14949

Restlet Framework before 2.3.12 allows remote attackers to access arbitrary files via a crafted REST API HTTP request that conducts an XXE attack, because only general external entities (not parameter external entities) are properly considered. This is related to XmlRepresentation, DOMRepresentatio...

CVSS 7.5, AI score 7.5, EPSS 0.02406
Exploits 1, References 2
OSV
added 2017/11/30 6:29 p.m., 16 views

UBUNTU-CVE-2017-14868

Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an XXE attack in a REST API HTTP request. This affects use of the Jax-rs extension...

CVSS 7.5, AI score 7.3, EPSS 0.02518
Exploits 0, References 2
OSV
added 2017/11/30 6:29 p.m., 33 views

CVE-2017-14949

Restlet Framework before 2.3.12 allows remote attackers to access arbitrary files via a crafted REST API HTTP request that conducts an XXE attack, because only general external entities (not parameter external entities) are properly considered. This is related to XmlRepresentation, DOMRepresentatio...

CVSS 7.5, AI score 7, EPSS 0.02406
Exploits 1, References 2
Prion
added 2017/11/30 6:29 p.m., 24 views

Design/Logic Flaw

Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an XXE attack in a REST API HTTP request. This affects use of the Jax-rs extension...

CVSS 5, AI score 7.5, EPSS 0.02518
Exploits 0, References 3, Affected Software 1
Cvelist
added 2017/11/30 6:0 p.m., 51 views

CVE-2017-14868

Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an XXE attack in a REST API HTTP request. This affects use of the Jax-rs extension...

AI score 7.5, EPSS 0.02518
Exploits 0, References 3
CVE
added 2017/11/30 6:0 p.m., 98 views

CVE-2017-14949

Restlet Framework before 2.3.12 is affected by CVE-2017-14949, allowing remote attackers to access arbitrary files via a crafted REST API HTTP request that triggers an XXE attack. The vulnerability is linked to XML representations (XmlRepresentation, DOMRepresentation, SaxRepresentation) and Jack...

CVSS 7.5, AI score 7.4, EPSS 0.02406
Exploits 1, References 2, Affected Software 1
CVE
added 2017/11/30 6:0 p.m., 68 views

CVE-2017-14868

CVE-2017-14868 affects Restlet Framework before 2.3.11 when using SimpleXMLProvider, enabling an XXE in a REST API HTTP request that can disclose arbitrary files. The issue specifically impacts the Jax-rs extension and is described across multiple sources as a file disclosure via external entity ...

CVSS 7.5, AI score 7.4, EPSS 0.02518
Exploits 0, References 3, Affected Software 1
Zero Science Lab
added 2017/05/03 12:0 a.m., 85 views

Serviio PRO 1.8 DLNA Media Streaming Server REST API Information Disclosure

Summary: Serviio is a free media server. It allows you to stream your media files (music, video or images) to renderer devices (e.g. a TV set, Bluray player, games console or mobile phone) on your connected home network. Description: The version of Serviio installed on the remote Windows/Linux host is...

CVSS 8.7, AI score 5.8, EPSS 0.00661
Exploits 1
NVD
added 2014/10/06 11:55 p.m., 23 views

CVE-2014-1868

Restlet Framework 2.1.x before 2.1.7 and 2.x.x before 2.2 RC1, when using XMLRepresentation or XML serializers, allows attackers to cause a denial of service via an XML Entity Expansion (XEE) attack...

CVSS 5, AI score 6.5, EPSS 0.01336
Exploits 0, References 3
UbuntuCve
added 2014/10/06 11:55 p.m., 36 views

CVE-2014-1868

Restlet Framework 2.1.x before 2.1.7 and 2.x.x before 2.2 RC1, when using XMLRepresentation or XML serializers, allows attackers to cause a denial of service via an XML Entity Expansion (XEE) attack...

CVSS 5, AI score 5.9, EPSS 0.01336
Exploits 0, References 2
OSV
added 2014/10/06 11:55 p.m., 2 views

UBUNTU-CVE-2014-1868

Restlet Framework 2.1.x before 2.1.7 and 2.x.x before 2.2 RC1, when using XMLRepresentation or XML serializers, allows attackers to cause a denial of service via an XML Entity Expansion (XEE) attack...

CVSS 5, AI score 5.8, EPSS 0.01336
Exploits 0, References 3