CyberSec.Space Logo
Back to CVE Browser

CVE-2014-0030

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0790%
EPSS Percentile38.82th
PublishedOct 10, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity (XXE) attacks via unspecified vectors.

Affected Platforms (CPE)

πŸ“¦
Apache

Roller

= 3.1
πŸ“¦
Apache

Roller

= 4.0
πŸ“¦
Apache

Roller

= 4.0.1
πŸ“¦
Apache

Roller

= 5.0
πŸ“¦
Apache

Roller

= 5.0.1
πŸ“¦
Apache

Roller

= 5.0.2

References & Advisories

πŸ”— https://liftsecurity.io/advisories/Apache_Roller_XML-RPC_susceptible_to_XXE/
πŸ”— https://mail-archives.apache.org/mod_mbox/roller-dev/201401.mbox/%3CCAF1aazCMzDGB12Ls4t-SOwNA=OdguD010LX3yZGhk2GQHafFXw%40mail.gmail.com%3E
πŸ”— https://www.exploit-db.com/exploits/45341/
πŸ”— https://liftsecurity.io/advisories/Apache_Roller_XML-RPC_susceptible_to_XXE/
πŸ”— https://mail-archives.apache.org/mod_mbox/roller-dev/201401.mbox/%3CCAF1aazCMzDGB12Ls4t-SOwNA=OdguD010LX3yZGhk2GQHafFXw%40mail.gmail.com%3E
πŸ”— https://www.exploit-db.com/exploits/45341/

Related Vulnerabilities

CVE-2018-171989.8

Server-side Request Forgery (SSRF) and File Enumeration vulnerability in Apache Roller 5.2.1, 5.2.0 and earlier unsupported versio...

CVE-2016-71627.5

The _g_file_remove_directory function in file-utils.c in File Roller 3.5.4 through 3.20.2 allows remote attackers to delete arbitr...

CVE-2021-335807.5

User controlled `request.getHeader("Referer")`, `request.getRequestURL()` and `request.getQueryString()` are used to build and run...

CVE-2015-02497.2

The weblog page template in Apache Roller 5.1 through 5.1.1 allows remote authenticated users with admin privileges for a weblog t...