HomePentest-Tools.com Logo

Apache Roller XML-RPC Protocol XXE Vulnerability CVE-2014-0030

Severity
CVSSv3 Score
9.8
Vulnerability description

Apache Roller is prone to an XML external entity (XXE) vulnerability.

Risk description

The flaw is due to XML-RPC protocol support in Apache Roller. Successful exploitation will allow a remote attacker to conduct XML External Entity (XXE) attacks via unspecified vectors. This vulnerability exists even if XML-RPC is disabled via the Roller Admin Console.

Recommendation

Upgrade to Apache Roller 5.0.3 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Oct 10, 2017
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available