CVE-2014-0225
Description
When processing user-provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XML External Entity (XXE) attack.
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.231
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2014-0225 are fixed in Spring-webmvc 4.0.5 | Windows |
| Vulnerabilities CVE-2014-0225, CVE-2014-0054 are fixed in Spring-webmvc 3.2.8 | Windows |
| Vulnerabilities CVE-2014-0225 are fixed in Spring-webmvc for Linux 4.0.5 | Linux |
| Vulnerabilities CVE-2014-0225, CVE-2014-0054 are fixed in Spring-webmvc for Linux 3.2.8 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234