When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: dell
Published: 2017-05-25T17:00:00
Updated: 2024-08-06T09:05:39.298Z
Reserved: 2013-12-03T00:00:00
Link: CVE-2014-0225
Vulnrichment
No data.
NVD
Status : Modified
Published: 2017-05-25T17:29:00.207
Modified: 2024-11-21T02:01:41.860
Link: CVE-2014-0225
Redhat