CVE-2014-0225
N/A
N/A
Summary
When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Pivotal | Spring Framework | 4.0.0 to 4.0.4 | affected |
| Pivotal | Spring Framework | 3.0.0 to 3.2.8 | affected |
| Pivotal | Spring Framework | Earlier unsupported versions may be affected | affected |
Weaknesses
- XXE
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.