CVE-2014-1868

Published: Oct 6, 2014Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Restlet Framework 2.1.x before 2.1.7 and 2.x.x before 2.2 RC1, when using XMLRepresentation or XML serializers, allows attackers to cause a denial of service via an XML Entity Expansion (XEE) attack.

Affected (13)

Products: Restlet: Restlet Framework

Restlet

1 product

Restlet Framework

Configuration A

13 vulnerable

Vulnerable Software	Affected Versions
Restlet Restlet Framework	Up to 2.2
Restlet Restlet Framework	Version 2.1.0
Restlet Restlet Framework	Version 2.1.1
Restlet Restlet Framework	Version 2.1.2
Restlet Restlet Framework	Version 2.1.3
Restlet Restlet Framework	Version 2.1.4
Restlet Restlet Framework	Version 2.1.5
Restlet Restlet Framework	Version 2.1.6
Restlet Restlet Framework	Version 2.2 milestone1
Restlet Restlet Framework	Version 2.2 milestone2
Restlet Restlet Framework	Version 2.2 milestone3
Restlet Restlet Framework	Version 2.2 milestone4
Restlet Restlet Framework	Version 2.2 milestone5

References (6)

http://secunia.com/advisories/56940

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/91181

Source: cve@mitre.org

https://github.com/restlet/restlet-framework-java/wiki/XEE-security-enhancements

Source: cve@mitre.org

http://secunia.com/advisories/56940

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/91181

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/restlet/restlet-framework-java/wiki/XEE-security-enhancements

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.