When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published: 2017-05-25T17:00:00

Updated: 2024-08-06T09:05:39.298Z

Reserved: 2013-12-03T00:00:00

Link: CVE-2014-0225

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2017-05-25T17:29:00.207

Modified: 2024-11-21T02:01:41.860

Link: CVE-2014-0225

cve-icon Redhat

Severity : Moderate

Publid Date: 2014-05-28T00:00:00Z

Links: CVE-2014-0225 - Bugzilla