17 matches found
Linux Distros Unpatched Vulnerability : CVE-2014-3004
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity XXE attacks via a...
Security Bulletin: TADDM is vulnerable to a denial of service due to vulnerability in Castor Library
Summary Castor Library used by IBM Tivoli Application Dependency Discovery Manager and is vulnerable to CVE-2014-3004 Vulnerability Details CVEID:CVE-2014-3004 DESCRIPTION: Castor Library could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection XXE...
Security Bulletin: XML External Entity Injection vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2014-3004
Summary IBM Business Automation Workflow is vulnerable to a XML External Entity Injection attack. Vulnerability Details CVEID:CVE-2014-3004 DESCRIPTION: Castor Library could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection XXE error when processi...
com.amazonaws.s3:jets3t (=0.5.0), com.cloudbees.cd.plugins.specs:com.cloudbees.cd.plugins.specs.gradle.plugin (>=1.1.10.11 <=1.1.10.29) +143 more potentially affected by CVE-2014-3004 via castor:castor (>=0.9.4 <=1.0)
castor:castor MAVEN version =0.9.4, =1.1.10.11, =1.0, =1.0, =1.0, =1.0, =1.0, =1.0, =1.0, =1.0, =1.0, =1.0, =1.1.1 - geronimo:j2ee-security =1.0 - geronimo:javamail =1.0 - geronimo:jetty =1.0 and more Source cves: CVE-2014-3004 Source advisory: OSV:GHSA-JWWR-FJGH-CV2X...
Mageia: Security Advisory (MGASA-2014-0556)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: Rational Test Control Panel component in Rational Test Workbench and Rational Test Virtualization Server affected by Castor Library vulnerablity (CVE-2014-3004)
Summary The Castor Project Castor library is vulnerable affecting the Rational Test Control Panel component in IBM Rational Test Workbench and Rational Test Virtualization Server. Vulnerability Details CVE ID: CVE-2014-3004 Description: Castor Library could allow a remote attacker to obtain...
Security Bulletin: XML External Entity Processing in Castor might affect IBM Business Process Manager (CVE-2014-3004)
Summary An XML External Entity Processing vulnerability has been reported for the Castor open source library that is used in IBM Business Process Manager BPM. Vulnerability Details CVE-ID: CVE-2014-3004 Description: Castor Library could allow a remote attacker to obtain sensitive information,...
Security Bulletin: XML External Entity Processing in Castor might affect WebSphere Lombardi Edition (CVE-2014-3004)
Summary An XML External Entity Processing vulnerability has been reported for the Castor open source library that is used in WebSphere Lombardi Edition WLE. Vulnerability Details CVE-ID: CVE-2014-3004 Description: Castor Library could allow a remote attacker to obtain sensitive information, cause...
MGASA-2014-0556 Updated castor packages fix CVE-2014-3004
Updated castor packages fix security vulnerability: The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted XML document CVE-2014-3004...
Fedora 20 : castor-1.3.3-1.fc20 (2014-16346)
Update to latest upstream point release containing fix for CVE-2014-3004 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...
openSUSE Security Update : castor (openSUSE-SU-2014:0822-1)
castor was updated to prevent XXE attacks via crafted XML documents CVE-2014-3004. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2014-435. The text description of this plugin is C...
CVE-2014-3004
The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted XML document...
CVE-2014-3004
The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted XML document...
CVE-2014-3004
CVE-2014-3004 affects the Castor Library: the default configuration of the Xerces SAX Parser in Castor prior to version 1.3.3 allows XML External Entity (XXE) processing via crafted XML, enabling context-dependent attackers to disclose sensitive information. The issue is mitigated by upgrading Ca...
Castor Library XXE Disclosure
Castor Library Default Configuration could lead to XML External Entity XXE Attack Vulnerability Type: Local or Remote File Disclosure Reporter: Ron Gutierrez [email protected] and Adam Bixby [email protected] Company: Gotham Digital Science [email protected] Affected Software:...
Castor Library CVE-2014-3004 XML External Entity Information Disclosure Vulnerability
...
CVE-2014-3004
creationtimestamp| type| source ---|---|--- 2014-05-27 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/39205...