XML External Entity Vulnerability in Apache Roller by Apache
CVE-2014-0030

9.8CRITICAL

Key Information:

Vendor
Apache
Status
Roller
Vendor
CVE Published:
10 October 2017

Summary

The XML-RPC protocol in Apache Roller prior to version 5.0.3 is susceptible to XML External Entity (XXE) attacks, allowing malicious users to exploit the application's handling of XML data. This vulnerability can lead to unauthorized access to sensitive data and potential system manipulation through crafted XML requests.

References

https://www.exploit-db.com/exploits/45341/
exploitx_refsource_EXPLOIT-DB
https://liftsecurity.io/advisories/Apache_Roller_XML-RPC_...
x_refsource_CONFIRM
https://mail-archives.apache.org/mod_mbox/roller-dev/2014...
mailing-listx_refsource_MLIST

EPSS Score

15% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.