XXE vulnerability in Restlet Framework before 2.3.11 allows remote file access via REST API HTTP request

CVE-2017-14868 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an XXE attack in a REST API HTTP request. This affects use of the JAX-RS extension.
