Spring Framework CVE-2014-0054 Multiple XML External Entity Injection Vulnerabilities

Bugtraq ID: 66148
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2014-0054
Remote: Yes
Local: No
Published: Mar 12 2014 12:00AM
Updated: Oct 26 2016 11:08AM
Credit: Spase Markovski
Vulnerable: Redhat JBoss Fuse 6.0.0
Redhat JBoss A-MQ 6.0.0
IBM Websphere Portal 8.5
IBM Websphere Portal 8.0
IBM Websphere Portal 8.0.0.1
GoPivotal Spring Framework (Spring MVC) 4.0.1
GoPivotal Spring Framework (Spring MVC) 4.0
GoPivotal Spring Framework (Spring MVC) 3.2.7
GoPivotal Spring Framework (Spring MVC) 3.2.6
GoPivotal Spring Framework (Spring MVC) 3.2.5
GoPivotal Spring Framework (Spring MVC) 4.0.0.RC2
GoPivotal Spring Framework (Spring MVC) 4.0.0.RC1
GoPivotal Spring Framework (Spring MVC) 4.0.0.M2
GoPivotal Spring Framework (Spring MVC) 4.0.0.M1
GoPivotal Spring Framework (Spring MVC) 3.2.4
GoPivotal Spring Framework (Spring MVC) 3.2.3
GoPivotal Spring Framework (Spring MVC) 3.2.2
GoPivotal Spring Framework (Spring MVC) 3.2.1
GoPivotal Spring Framework (Spring MVC) 3.0.0
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64
Not Vulnerable: Redhat JBoss Fuse 6.1.0
Redhat JBoss A-MQ 6.1.0
GoPivotal Spring Framework (Spring MVC) 4.0.2
GoPivotal Spring Framework (Spring MVC) 3.2.8


 

Privacy Statement
Copyright 2010, SecurityFocus