XML Entity Expansion (XEE) Attack in Revive Adserver before 3.0.6

XML Entity Expansion (XEE) Attack in Revive Adserver before 3.0.6

CVE-2014-8875 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:N/A:P

The XML_RPC_cd function in lib/pear/XML/RPC.php in Revive Adserver before 3.0.6 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted XML-RPC request, aka an XML Entity Expansion (XEE) attack.

Learn more about our Cis Benchmark Audit For Server Software.