XML External Entity (XXE) Vulnerability in Castor SAX Parser

XML External Entity (XXE) Vulnerability in Castor SAX Parser

CVE-2014-3004 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XML document.

Learn more about our External Network Penetration Testing.