ID CVE-2014-3004
Summary The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XML document.
References
Vulnerable Configurations
  • Castor Project Castor 1.3
    cpe:2.3:a:castor_project:castor:1.3
  • Castor Project Castor 1.3.1
    cpe:2.3:a:castor_project:castor:1.3.1
  • Castor Project Castor 1.3.2
    cpe:2.3:a:castor_project:castor:1.3.2
  • OpenSUSE 13.1
    cpe:2.3:o:opensuse:opensuse:13.1
  • cpe:2.3:o:opensuse_project:opensuse:12.3
    cpe:2.3:o:opensuse_project:opensuse:12.3
CVSS
Base: 4.3 (as of 06-12-2016 - 13:52)
Impact:
Exploitability:
CWE CWE-611
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
exploit-db via4
description Castor Library XML External Entity Information Disclosure Vulnerability. CVE-2014-3004. Remote exploits for multiple platform
id EDB-ID:39205
last seen 2016-02-04
modified 2014-05-27
published 2014-05-27
reporter Ron Gutierrez
source https://www.exploit-db.com/download/39205/
title Castor Library XML External Entity Information Disclosure Vulnerability
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2014-435.NASL
    description castor was updated to prevent XXE attacks via crafted XML documents (CVE-2014-3004).
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 76183
    published 2014-06-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76183
    title openSUSE Security Update : castor (openSUSE-SU-2014:0822-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-16446.NASL
    description Update to latest upstream point release containing fix for CVE-2014-3004 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 79946
    published 2014-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79946
    title Fedora 21 : castor-1.3.3-1.fc21 (2014-16446)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-16346.NASL
    description Update to latest upstream point release containing fix for CVE-2014-3004 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 79935
    published 2014-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79935
    title Fedora 20 : castor-1.3.3-1.fc20 (2014-16346)
packetstorm via4
refmap via4
bid 67676
fulldisc 20140527 CVE-2014-3004 - Castor Library Default Config could lead to XML External Entity (XXE) Attacks
misc
secunia 59427
suse openSUSE-SU-2014:0822
Last major update 06-01-2017 - 21:59
Published 11-06-2014 - 10:55
Last modified 11-02-2019 - 15:29
Back to Top