CVE-2014-0054: CVE-2014-0054

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2014-0054

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Vmware Spring Framework 跨站请求伪造漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Vmware Spring Framework是美国威睿（Vmware）公司的一套开源的Java、JavaEE应用程序框架。该框架可帮助开发人员构建高质量的应用。 Spring Framework 3.2.7及之前的版本和4.0.2之前的4.0.0版本中的Spring MVC的Jaxb2RootElementHttpMessageConverter中存在跨站请求伪造漏洞，该漏洞源于程序没有禁用外部实体解析。远程攻击者可借助特制的XML利用该漏洞读取任意文件，造成拒绝服务，实施CSRF攻击。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2014-0054

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2014-0054

Please Login to view more intelligence information

https://jira.spring.io/browse/SPR-11376x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlx_refsource_CONFIRM
http://www.securityfocus.com/bid/66148vdb-entryx_refsource_BID
http://secunia.com/advisories/57915third-party-advisoryx_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2014-0400.htmlvendor-advisoryx_refsource_REDHAT
https://nvd.nist.gov/vuln/detail/CVE-2014-0054

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2014-0054

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2014-0054

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2014-0054

III. Intelligence Information for CVE-2014-0054

IV. Related Vulnerabilities

V. Comments for CVE-2014-0054

Leave a comment