CVE-2014-3004

EUVD-2022-4455
The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XML document.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 80%
Affected Products (NVD)
VendorProductVersion
castor_projectcastor
𝑥
≤ 1.3.2
castor_projectcastor
1.3
castor_projectcastor
1.3.1
opensuseopensuse
13.1
opensuse_projectopensuse
12.3
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
castor
artful
ignored
bionic
needed
cosmic
ignored
disco
ignored
eoan
ignored
focal
needed
groovy
ignored
hirsute
ignored
impish
ignored
jammy
needed
kinetic
ignored
lucid
dne
lunar
ignored
mantic
ignored
noble
needed
precise
ignored
saucy
ignored
trusty
dne
utopic
ignored
vivid
ignored
wily
ignored
xenial
needed
yakkety
ignored
zesty
ignored
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-updates/2014-06/msg00043.html
http://packetstormsecurity.com/files/126854/Castor-Library-XXE-Disclosure.html
http://seclists.org/fulldisclosure/2014/May/142
http://secunia.com/advisories/59427
http://www.securityfocus.com/bid/67676
https://quickview.cloudapps.cisco.com/quickview/bug/CSCvm56811
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpuoct2021.html
http://lists.opensuse.org/opensuse-updates/2014-06/msg00043.html
http://packetstormsecurity.com/files/126854/Castor-Library-XXE-Disclosure.html
http://seclists.org/fulldisclosure/2014/May/142
http://secunia.com/advisories/59427
http://www.securityfocus.com/bid/67676
https://quickview.cloudapps.cisco.com/quickview/bug/CSCvm56811
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpuoct2021.html