Lucene search
K

17 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2014-3004

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity XXE attacks via a...

4.3CVSS7.2AI score0.07794EPSS
Exploits3References3
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/14 2:2 p.m.33 views

Security Bulletin: TADDM is vulnerable to a denial of service due to vulnerability in Castor Library

Summary Castor Library used by IBM Tivoli Application Dependency Discovery Manager and is vulnerable to CVE-2014-3004 Vulnerability Details CVEID:CVE-2014-3004 DESCRIPTION: Castor Library could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection XXE...

4.3CVSS8.7AI score0.07794EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/02 9:46 p.m.19 views

Security Bulletin: XML External Entity Injection vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2014-3004

Summary IBM Business Automation Workflow is vulnerable to a XML External Entity Injection attack. Vulnerability Details CVEID:CVE-2014-3004 DESCRIPTION: Castor Library could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection XXE error when processi...

4.3CVSS8.7AI score0.07794EPSS
Exploits3Affected Software1
vulnersOsv
vulnersOsv
added 2022/05/13 1:5 a.m.6 views

com.amazonaws.s3:jets3t (=0.5.0), com.cloudbees.cd.plugins.specs:com.cloudbees.cd.plugins.specs.gradle.plugin (>=1.1.10.11 <=1.1.10.29) +143 more potentially affected by CVE-2014-3004 via castor:castor (>=0.9.4 <=1.0)

castor:castor MAVEN version =0.9.4, =1.1.10.11, =1.0, =1.0, =1.0, =1.0, =1.0, =1.0, =1.0, =1.0, =1.0, =1.0, =1.1.1 - geronimo:j2ee-security =1.0 - geronimo:javamail =1.0 - geronimo:jetty =1.0 and more Source cves: CVE-2014-3004 Source advisory: OSV:GHSA-JWWR-FJGH-CV2X...

4.3CVSS7.1AI score0.07794EPSS
Exploits3
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.15 views

Mageia: Security Advisory (MGASA-2014-0556)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3CVSS8.5AI score0.07794EPSS
Exploits3References4
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 4:59 a.m.20 views

Security Bulletin: Rational Test Control Panel component in Rational Test Workbench and Rational Test Virtualization Server affected by Castor Library vulnerablity (CVE-2014-3004)

Summary The Castor Project Castor library is vulnerable affecting the Rational Test Control Panel component in IBM Rational Test Workbench and Rational Test Virtualization Server. Vulnerability Details CVE ID: CVE-2014-3004 Description: Castor Library could allow a remote attacker to obtain...

4.3CVSS0.4AI score0.07794EPSS
Exploits3Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:2 a.m.12 views

Security Bulletin: XML External Entity Processing in Castor might affect IBM Business Process Manager (CVE-2014-3004)

Summary An XML External Entity Processing vulnerability has been reported for the Castor open source library that is used in IBM Business Process Manager BPM. Vulnerability Details CVE-ID: CVE-2014-3004 Description: Castor Library could allow a remote attacker to obtain sensitive information,...

4.3CVSS0.6AI score0.07794EPSS
Exploits3Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:2 a.m.29 views

Security Bulletin: XML External Entity Processing in Castor might affect WebSphere Lombardi Edition (CVE-2014-3004)

Summary An XML External Entity Processing vulnerability has been reported for the Castor open source library that is used in WebSphere Lombardi Edition WLE. Vulnerability Details CVE-ID: CVE-2014-3004 Description: Castor Library could allow a remote attacker to obtain sensitive information, cause...

4.3CVSS0.1AI score0.07794EPSS
Exploits3Affected Software1
OSV
OSV
added 2014/12/31 12:28 p.m.5 views

MGASA-2014-0556 Updated castor packages fix CVE-2014-3004

Updated castor packages fix security vulnerability: The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted XML document CVE-2014-3004...

4.3CVSS6.2AI score0.07794EPSS
Exploits3References3
Tenable Nessus
Tenable Nessus
added 2014/12/15 12:0 a.m.24 views

Fedora 20 : castor-1.3.3-1.fc20 (2014-16346)

Update to latest upstream point release containing fix for CVE-2014-3004 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...

4.3CVSS7.5AI score0.07794EPSS
Exploits3References3
Tenable Nessus
Tenable Nessus
added 2014/06/23 12:0 a.m.25 views

openSUSE Security Update : castor (openSUSE-SU-2014:0822-1)

castor was updated to prevent XXE attacks via crafted XML documents CVE-2014-3004. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2014-435. The text description of this plugin is C...

4.3CVSS7.5AI score0.07794EPSS
Exploits3References4
NVD
NVD
added 2014/06/11 2:55 p.m.12 views

CVE-2014-3004

The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted XML document...

4.3CVSS8.1AI score0.07794EPSS
Exploits3References8
UbuntuCve
UbuntuCve
added 2014/06/11 2:55 p.m.21 views

CVE-2014-3004

The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted XML document...

4.3CVSS7.1AI score0.07794EPSS
Exploits3References3
CVE
CVE
added 2014/06/11 2:0 p.m.102 views

CVE-2014-3004

CVE-2014-3004 affects the Castor Library: the default configuration of the Xerces SAX Parser in Castor prior to version 1.3.3 allows XML External Entity (XXE) processing via crafted XML, enabling context-dependent attackers to disclose sensitive information. The issue is mitigated by upgrading Ca...

4.3CVSS8.9AI score0.07794EPSS
Exploits3References8Affected Software1
Packet Storm
Packet Storm
added 2014/05/30 12:0 a.m.107 views

Castor Library XXE Disclosure

Castor Library Default Configuration could lead to XML External Entity XXE Attack Vulnerability Type: Local or Remote File Disclosure Reporter: Ron Gutierrez [email protected] and Adam Bixby [email protected] Company: Gotham Digital Science [email protected] Affected Software:...

4.3CVSS8.9AI score0.07794EPSS
Exploits3
Symantec
Symantec
added 2014/05/27 12:0 a.m.36 views

Castor Library CVE-2014-3004 XML External Entity Information Disclosure Vulnerability

...

4.3CVSS1.9AI score0.07794EPSS
Exploits3Affected Software5
Circl
Circl
added 2014/05/27 12:0 a.m.13 views

CVE-2014-3004

creationtimestamp| type| source ---|---|--- 2014-05-27 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/39205...

4.3CVSS6.8AI score0.07794EPSS
Exploits3References1
Rows per page
Query Builder