CVE-2017-14868
- EPSS 0.38%
- Published 30.11.2017 18:29:00
- Last modified 20.04.2025 01:37:25
Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an XXE attack in a REST API HTTP request. This affects use of the Jax-rs extension.
CVE-2017-14949
- EPSS 0.51%
- Published 30.11.2017 18:29:00
- Last modified 20.04.2025 01:37:25
Restlet Framework before 2.3.12 allows remote attackers to access arbitrary files via a crafted REST API HTTP request that conducts an XXE attack, because only general external entities (not parameter external entities) are properly considered. This ...
CVE-2013-4221
- EPSS 2.11%
- Published 10.10.2013 00:55:14
- Last modified 11.04.2025 00:51:21
The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources using the Java XMLDecoder, which allows remote attackers to execute arbitrary Java code via crafted XML.
CVE-2013-4271
- EPSS 0.49%
- Published 10.10.2013 00:55:14
- Last modified 11.04.2025 00:51:21
The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources, which allows remote attackers to execute arbitrary Java code via a serialized object, a different vulnerability than CVE-...