CyberSec.Space Logo
返回 CVE 浏览器

CVE-2012-2656

HIGH
7.5
CVSS Severity Score
EPSS Score0.1580%
EPSS Percentile31.83th
Published2019年12月18日
Last Modified2024年11月21日

Vulnerability Description

An XML eXternal Entity (XXE) issue exists in Restlet 1.1.10 in an endpoint using XML transport, which lets a remote attacker obtain sensitive information.

Affected Platforms (CPE)

📦
Talend

Restlet

= 1.1.10

References & Advisories

🔗 http://www.openwall.com/lists/oss-security/2012/05/29/11
🔗 http://www.openwall.com/lists/oss-security/2012/05/29/9
🔗 https://access.redhat.com/security/cve/cve-2012-2656
🔗 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2656
🔗 https://security-tracker.debian.org/tracker/CVE-2012-2656
🔗 http://www.openwall.com/lists/oss-security/2012/05/29/11
🔗 http://www.openwall.com/lists/oss-security/2012/05/29/9
🔗 https://access.redhat.com/security/cve/cve-2012-2656

相关漏洞威胁

CVE-2013-42217.5

The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources us...

CVE-2013-42717.5

The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources, w...

CVE-2017-148687.5

Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an XXE attack...

CVE-2017-149497.5

Restlet Framework before 2.3.12 allows remote attackers to access arbitrary files via a crafted REST API HTTP request that conduct...