XML Entity Expansion (XEE) Attack in Restlet Framework 2.1.x and 2.x.x

XML Entity Expansion (XEE) Attack in Restlet Framework 2.1.x and 2.x.x

CVE-2014-1868 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:N/A:P

Restlet Framework 2.1.x before 2.1.7 and 2.x.x before 2.2 RC1, when using XMLRepresentation or XML serializers, allows attackers to cause a denial of service via an XML Entity Expansion (XEE) attack.

Learn more about our Web Application Penetration Testing UK.