53 matches found
CVE-2014-1868
The affected software is Restlet Framework, specifically version 2.1.x before 2.1.7 and 2.x.x before 2.2 RC1. The root cause is processing XML with XMLRepresentation or XML serializers that allows an XML Entity Expansion (XEE) attack, leading to denial of service. No exploit details are provided....
CVE-2014-1868
Restlet Framework 2.1.x before 2.1.7 and 2.x.x before 2.2 RC1, when using XMLRepresentation or XML serializers, allows attackers to cause a denial of service via an XML Entity Expansion XEE attack...
CVE-2013-4271
The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources, which allows remote attackers to execute arbitrary Java code via a serialized object, a different vulnerability than CVE-2013-4221...
CVE-2013-4271
The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources, which allows remote attackers to execute arbitrary Java code via a serialized object, a different vulnerability than CVE-2013-4221...
CVE-2013-4221
The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources using the Java XMLDecoder, which allows remote attackers to execute arbitrary Java code via crafted XML...
UBUNTU-CVE-2013-4271
The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources, which allows remote attackers to execute arbitrary Java code via a serialized object, a different vulnerability than CVE-2013-4221...
Default configuration
The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources using the Java XMLDecoder, which allows remote attackers to execute arbitrary Java code via crafted XML...
UBUNTU-CVE-2013-4221
The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources using the Java XMLDecoder, which allows remote attackers to execute arbitrary Java code via crafted XML...
CVE-2013-4271
The Restlet framework vulnerability CVE-2013-4271 affects the ObjectRepresentation class in Restlet before 2.1.4. The issue arises when deserializing data from untrusted sources, using Java XMLDecoder, which can lead to remote code execution if an attacker provides a crafted serialized object. Th...
CVE-2013-4221
The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources using the Java XMLDecoder, which allows remote attackers to execute arbitrary Java code via crafted XML...
CVE-2013-4271
The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources, which allows remote attackers to execute arbitrary Java code via a serialized object, a different vulnerability than CVE-2013-4221...
CVE-2013-4221
The Restlet vulnerability CVE-2013-4221 affects Restlet before 2.1.4, where ObjectRepresentation deserializes objects from untrusted sources using XMLDecoder. This allows remote attackers to execute arbitrary Java code via crafted XML, through the deserialization process on the server. Impact is ...
Important: Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.0.0 patch 4
Red Hat JBoss Fuse 6.0.0 patch 4, which fixes three security issues and one bug, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detail...