← Back

CVE-2014-0171

nvd nist
Published: Jan 15, 2015Modified: May 6, 2026

JSON object

Loading...
5.0
Vector
AV:N/AC:L/Au:N/C:P/I:N/A:N
Exploitability: 10.0 / Impact: 2.9
Source: NVD

Description

XML external entity (XXE) vulnerability in StaxXMLFactoryProvider2 in Odata4j, as used in Red Hat JBoss Data Virtualization before 6.0.0 patch 4, allows remote attackers to read arbitrary files via a crafted request to a REST endpoint.

Affected (2)

Redhat
1 product
Jboss Data Virtualization
Odata4j Project
1 product
Odata4j
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Jboss Data Virtualization
Up to 6.0.0
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Odata4j
All versions

References (4)

Source: secalert@redhat.com
Vendor Advisory
Source: secalert@redhat.com
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit

Timeline

No history available yet.