Restlet : Security Vulnerabilities, CVEs, CVSS score >= 1

CVE-2017-14949

Restlet Framework before 2.3.12 allows remote attackers to access arbitrary files via a crafted REST API HTTP request that conducts an XXE attack, because only general external entities (not parameter external entities) are properly considered. This is related to XmlRepresentation, DOMRepresentation, SaxRepresentation, and JacksonRepresentation.
Max CVSS
7.5
EPSS Score
1.06%
Published
2017-11-30
Updated
2017-12-15

CVE-2017-14868

Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an XXE attack in a REST API HTTP request. This affects use of the Jax-rs extension.
Max CVSS
7.5
EPSS Score
0.25%
Published
2017-11-30
Updated
2017-12-15

CVE-2014-1868

Restlet Framework 2.1.x before 2.1.7 and 2.x.x before 2.2 RC1, when using XMLRepresentation or XML serializers, allows attackers to cause a denial of service via an XML Entity Expansion (XEE) attack.
Max CVSS
5.0
EPSS Score
0.24%
Published
2014-10-06
Updated
2017-08-29

CVE-2013-4271

The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources, which allows remote attackers to execute arbitrary Java code via a serialized object, a different vulnerability than CVE-2013-4221.
Max CVSS
7.5
EPSS Score
0.86%
Published
2013-10-10
Updated
2016-12-06

CVE-2013-4221

The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources using the Java XMLDecoder, which allows remote attackers to execute arbitrary Java code via crafted XML.
Max CVSS
7.5
EPSS Score
1.68%
Published
2013-10-10
Updated
2016-12-07
5 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close