5 matches found
CVE-2014-6114
The CVE-2014-6114 issue affects IBM WebSphere ENTERPRISE products in the IBM ODM/Rules stack: Hosted Transparent Decision Service in Rule Execution Server, impacting WebSphere ILOG JRules 7.1 (before MP1 FP5 IF43); WebSphere ODM 7.5 (before FP3 IF41); ODM 8.0 (before MP1 FP2 IF34); ODM 8.5 (befor...
CVE-2014-8474
CA Cloud Service Management CSM before Summer 2014 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via an XML document containing an external entity declaration in conjunction with an entity reference...
FreeBSD : tomcat -- multiple vulnerabilities (81fc1076-1286-11e4-bebd-000c2980a9f3)
Tomcat Security Team reports : Tomcat does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference,...
CVE-2013-4152
The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in...
CVE-2013-6408
The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Enti...