CVE-2017-14868
- EPSS 2.52%
- Veröffentlicht 30.11.2017 18:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an XXE attack in a REST API HTTP request. This affects use of the Jax-rs extension.
CVE-2017-14949
- EPSS 2.41%
- Veröffentlicht 30.11.2017 18:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Restlet Framework before 2.3.12 allows remote attackers to access arbitrary files via a crafted REST API HTTP request that conducts an XXE attack, because only general external entities (not parameter external entities) are properly considered. This ...
CVE-2013-4221
- EPSS 2.95%
- Veröffentlicht 10.10.2013 00:55:14
- Zuletzt bearbeitet 29.04.2026 01:13:23
The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources using the Java XMLDecoder, which allows remote attackers to execute arbitrary Java code via crafted XML.
CVE-2013-4271
- EPSS 2.83%
- Veröffentlicht 10.10.2013 00:55:14
- Zuletzt bearbeitet 29.04.2026 01:13:23
The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources, which allows remote attackers to execute arbitrary Java code via a serialized object, a different vulnerability than CVE-...