返回 CVE 瀏覽器

CVE-2014-2228

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.1460%

EPSS Percentile19.12th

Published2020年2月19日

Last Modified2024年11月21日

Vulnerability Description

The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote attackers to execute arbitrary code via unsafe deserialization of XML messages.

Affected Platforms (CPE)

📦

Talend

Restlet

<= 2.1.7

📦

Talend

Restlet

= 2.2

📦

Talend

Restlet

= 2.2

📦

Talend

Restlet

= 2.2

📦

Talend

Restlet

= 2.2

📦

Talend

Restlet

= 2.2

📦

Talend

Restlet

= 2.2

📦

Talend

Restlet

= 2.2

📦

Talend

Restlet

= 2.2

📦

Talend

Restlet

= 2.2

References & Advisories

🔗 https://web.archive.org/web/20140425095352/http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Remote-code-execution-and-XML-Entity-Expansion-injection/ba-p/6403370

🔗 https://web.archive.org/web/20140425095352/http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Remote-code-execution-and-XML-Entity-Expansion-injection/ba-p/6403370

相關漏洞威脅

CVE-2012-26567.5

An XML eXternal Entity (XXE) issue exists in Restlet 1.1.10 in an endpoint using XML transport, which lets a remote attacker obtai...

CVE-2013-42217.5

The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources us...

CVE-2013-42717.5

The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources, w...

CVE-2017-148687.5

Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an XXE attack...