CVE-2014-8090 (GCVE-0-2014-8090)

Vulnerability from cvelistv5 – Published: 2014-11-21 15:00 – Updated: 2024-08-06 13:10
VLAI?
Summary
The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document containing an empty string in an entity that is used in a large number of nested entity references, aka an XML Entity Expansion (XEE) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1821 and CVE-2014-8080.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://lists.opensuse.org/opensuse-updates/2014-1… vendor-advisoryx_refsource_SUSE
http://secunia.com/advisories/59948 third-party-advisoryx_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2014-1912.html vendor-advisoryx_refsource_REDHAT
http://www.debian.org/security/2015/dsa-3159 vendor-advisoryx_refsource_DEBIAN
http://secunia.com/advisories/62050 third-party-advisoryx_refsource_SECUNIA
http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2014-1913.html vendor-advisoryx_refsource_REDHAT
https://support.apple.com/HT205267 x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2014-1911.html vendor-advisoryx_refsource_REDHAT
http://www.debian.org/security/2015/dsa-3157 vendor-advisoryx_refsource_DEBIAN
http://advisories.mageia.org/MGASA-2014-0472.html x_refsource_CONFIRM
https://www.ruby-lang.org/en/news/2014/11/13/rexm… x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-2412-1 vendor-advisoryx_refsource_UBUNTU
http://secunia.com/advisories/62748 third-party-advisoryx_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
http://www.securityfocus.com/bid/71230 vdb-entryx_refsource_BID
http://lists.opensuse.org/opensuse-updates/2015-0… vendor-advisoryx_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2014-1914.html vendor-advisoryx_refsource_REDHAT
http://lists.opensuse.org/opensuse-updates/2015-0… vendor-advisoryx_refsource_SUSE
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:10:50.067Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openSUSE-SU-2014:1589",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-12/msg00035.html"
          },
          {
            "name": "59948",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59948"
          },
          {
            "name": "RHSA-2014:1912",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1912.html"
          },
          {
            "name": "DSA-3159",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3159"
          },
          {
            "name": "62050",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62050"
          },
          {
            "name": "APPLE-SA-2015-09-30-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
          },
          {
            "name": "RHSA-2014:1913",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1913.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT205267"
          },
          {
            "name": "RHSA-2014:1911",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1911.html"
          },
          {
            "name": "DSA-3157",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3157"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://advisories.mageia.org/MGASA-2014-0472.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ruby-lang.org/en/news/2014/11/13/rexml-dos-cve-2014-8090/"
          },
          {
            "name": "USN-2412-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2412-1"
          },
          {
            "name": "62748",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62748"
          },
          {
            "name": "MDVSA-2015:129",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:129"
          },
          {
            "name": "71230",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/71230"
          },
          {
            "name": "openSUSE-SU-2015:0007",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00004.html"
          },
          {
            "name": "RHSA-2014:1914",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1914.html"
          },
          {
            "name": "openSUSE-SU-2015:0002",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00000.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-11-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document containing an empty string in an entity that is used in a large number of nested entity references, aka an XML Entity Expansion (XEE) attack.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1821 and CVE-2014-8080."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-30T16:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "openSUSE-SU-2014:1589",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-12/msg00035.html"
        },
        {
          "name": "59948",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59948"
        },
        {
          "name": "RHSA-2014:1912",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1912.html"
        },
        {
          "name": "DSA-3159",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3159"
        },
        {
          "name": "62050",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62050"
        },
        {
          "name": "APPLE-SA-2015-09-30-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
        },
        {
          "name": "RHSA-2014:1913",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1913.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT205267"
        },
        {
          "name": "RHSA-2014:1911",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1911.html"
        },
        {
          "name": "DSA-3157",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3157"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://advisories.mageia.org/MGASA-2014-0472.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ruby-lang.org/en/news/2014/11/13/rexml-dos-cve-2014-8090/"
        },
        {
          "name": "USN-2412-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2412-1"
        },
        {
          "name": "62748",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62748"
        },
        {
          "name": "MDVSA-2015:129",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:129"
        },
        {
          "name": "71230",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/71230"
        },
        {
          "name": "openSUSE-SU-2015:0007",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00004.html"
        },
        {
          "name": "RHSA-2014:1914",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1914.html"
        },
        {
          "name": "openSUSE-SU-2015:0002",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00000.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-8090",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document containing an empty string in an entity that is used in a large number of nested entity references, aka an XML Entity Expansion (XEE) attack.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1821 and CVE-2014-8080."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "openSUSE-SU-2014:1589",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-12/msg00035.html"
            },
            {
              "name": "59948",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59948"
            },
            {
              "name": "RHSA-2014:1912",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1912.html"
            },
            {
              "name": "DSA-3159",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3159"
            },
            {
              "name": "62050",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62050"
            },
            {
              "name": "APPLE-SA-2015-09-30-3",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
            },
            {
              "name": "RHSA-2014:1913",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1913.html"
            },
            {
              "name": "https://support.apple.com/HT205267",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT205267"
            },
            {
              "name": "RHSA-2014:1911",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1911.html"
            },
            {
              "name": "DSA-3157",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3157"
            },
            {
              "name": "http://advisories.mageia.org/MGASA-2014-0472.html",
              "refsource": "CONFIRM",
              "url": "http://advisories.mageia.org/MGASA-2014-0472.html"
            },
            {
              "name": "https://www.ruby-lang.org/en/news/2014/11/13/rexml-dos-cve-2014-8090/",
              "refsource": "CONFIRM",
              "url": "https://www.ruby-lang.org/en/news/2014/11/13/rexml-dos-cve-2014-8090/"
            },
            {
              "name": "USN-2412-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2412-1"
            },
            {
              "name": "62748",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62748"
            },
            {
              "name": "MDVSA-2015:129",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:129"
            },
            {
              "name": "71230",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/71230"
            },
            {
              "name": "openSUSE-SU-2015:0007",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00004.html"
            },
            {
              "name": "RHSA-2014:1914",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1914.html"
            },
            {
              "name": "openSUSE-SU-2015:0002",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00000.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-8090",
    "datePublished": "2014-11-21T15:00:00",
    "dateReserved": "2014-10-10T00:00:00",
    "dateUpdated": "2024-08-06T13:10:50.067Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:*:p550:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.9.3\", \"matchCriteriaId\": \"1C6F683D-B441-4778-B02E-F9A33ADD6597\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D0535DC9-EB0E-4745-80AC-4A020DF26E38\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*\", \"matchCriteriaId\": \"94F5AA37-B466-4E2E-B217-5119BADDD87B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*\", \"matchCriteriaId\": \"6DF0F0F5-4022-4837-9B40-4B1127732CC9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*\", \"matchCriteriaId\": \"B3848B08-85C2-4AAD-AA33-CCEB80EF5B32\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:1.9.3:p286:*:*:*:*:*:*\", \"matchCriteriaId\": \"B7927D40-2A3A-43AD-99F6-CE61882A1FF4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:1.9.3:p383:*:*:*:*:*:*\", \"matchCriteriaId\": \"AA406EC6-6CA5-40A6-A879-AA8940CBEF07\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:1.9.3:p385:*:*:*:*:*:*\", \"matchCriteriaId\": \"1D041884-3921-4466-9A48-F644FDDA9D50\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:1.9.3:p392:*:*:*:*:*:*\", \"matchCriteriaId\": \"397A2EA7-6F83-427B-8578-3794EBF04849\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:1.9.3:p426:*:*:*:*:*:*\", \"matchCriteriaId\": \"298A5681-F756-4952-A9F8-E4C76736DF8F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:1.9.3:p429:*:*:*:*:*:*\", \"matchCriteriaId\": \"BC5A12F7-47E2-4AC7-A41B-F4B01319002D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:1.9.3:p448:*:*:*:*:*:*\", \"matchCriteriaId\": \"B56582F2-0D51-4FAD-888F-3342B229A557\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:1.9.3:p545:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3ADD67F-D944-461F-94DA-E00D3556416F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:1.9.3:p547:*:*:*:*:*:*\", \"matchCriteriaId\": \"93AA1766-1936-4704-A3D0-D4F280373D1C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B03B7561-A854-4EFA-9E4E-CFC4EEAE4EE1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:2.0.0:p0:*:*:*:*:*:*\", \"matchCriteriaId\": \"D2423B85-0971-42AC-8B64-819008BC5778\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:2.0.0:p195:*:*:*:*:*:*\", \"matchCriteriaId\": \"1C663278-3B2A-4B7C-959A-2AA804467F21\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:2.0.0:p247:*:*:*:*:*:*\", \"matchCriteriaId\": \"B7927149-A76A-48BC-8405-7375FC7D7486\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:2.0.0:p451:*:*:*:*:*:*\", \"matchCriteriaId\": \"46485519-C2FB-4767-B699-9F51FDCF29E5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:2.0.0:p481:*:*:*:*:*:*\", \"matchCriteriaId\": \"19CF27FB-DCF5-4533-B309-55615AE21A63\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:2.0.0:p576:*:*:*:*:*:*\", \"matchCriteriaId\": \"B9865DD1-F2AF-40B6-848A-EA9FD37034DD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:2.0.0:p594:*:*:*:*:*:*\", \"matchCriteriaId\": \"C10BD21E-B9FA-4B57-B617-0108A00D6132\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:2.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8DF046E4-503B-4A10-BEAB-3144BD86EA49\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:2.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9FCA45F1-3038-413A-B8C3-EE366A4E6248\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:2.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FF6AF5E3-4EB8-48A3-B8E9-C79C08C38994\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:2.1.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6AE2B154-8126-4A38-BAB6-915207764FC0\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document containing an empty string in an entity that is used in a large number of nested entity references, aka an XML Entity Expansion (XEE) attack.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1821 and CVE-2014-8080.\"}, {\"lang\": \"es\", \"value\": \"El analizador REXML en Ruby 1.9.x anterior a 1.9.3 patchlevel 551, 2.0.x anterior a 2.0.0 patchlevel 598, y 2.1.x anterior a 2.1.5 permite a atacantes remotos causar una denegaci\\u00f3n de servicio (consumo de CPU y memoria) a trav\\u00e9s de un documento XML manipulado que contiene una cadena vac\\u00eda en una entidad que se utiliza en un n\\u00famero grande de referencias de entidad anidadas, tambi\\u00e9n conocido como un ataque de expansi\\u00f3n de entidad XML (XEE). NOTA: esta vulnerabilidad existe debido a una soluci\\u00f3n incompleta para CVE-2013-1821 y CVE-2014-8080.\"}]",
      "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/611.html\" target=\"_blank\"\u003eCWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)\u003c/a\u003e",
      "id": "CVE-2014-8090",
      "lastModified": "2024-11-21T02:18:31.870",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2014-11-21T15:59:04.243",
      "references": "[{\"url\": \"http://advisories.mageia.org/MGASA-2014-0472.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2014-12/msg00035.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2015-01/msg00000.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2015-01/msg00004.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2014-1911.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2014-1912.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2014-1913.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2014-1914.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/59948\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/62050\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/62748\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.debian.org/security/2015/dsa-3157\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.debian.org/security/2015/dsa-3159\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2015:129\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securityfocus.com/bid/71230\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-2412-1\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT205267\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://www.ruby-lang.org/en/news/2014/11/13/rexml-dos-cve-2014-8090/\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Exploit\", \"Vendor Advisory\"]}, {\"url\": \"http://advisories.mageia.org/MGASA-2014-0472.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2014-12/msg00035.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2015-01/msg00000.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2015-01/msg00004.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2014-1911.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2014-1912.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2014-1913.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2014-1914.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/59948\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/62050\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/62748\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2015/dsa-3157\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2015/dsa-3159\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2015:129\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/71230\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-2412-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT205267\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.ruby-lang.org/en/news/2014/11/13/rexml-dos-cve-2014-8090/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-8090\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2014-11-21T15:59:04.243\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document containing an empty string in an entity that is used in a large number of nested entity references, aka an XML Entity Expansion (XEE) attack.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1821 and CVE-2014-8080.\"},{\"lang\":\"es\",\"value\":\"El analizador REXML en Ruby 1.9.x anterior a 1.9.3 patchlevel 551, 2.0.x anterior a 2.0.0 patchlevel 598, y 2.1.x anterior a 2.1.5 permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de CPU y memoria) a trav\u00e9s de un documento XML manipulado que contiene una cadena vac\u00eda en una entidad que se utiliza en un n\u00famero grande de referencias de entidad anidadas, tambi\u00e9n conocido como un ataque de expansi\u00f3n de entidad XML (XEE). NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incompleta para CVE-2013-1821 y CVE-2014-8080.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:*:p550:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.9.3\",\"matchCriteriaId\":\"1C6F683D-B441-4778-B02E-F9A33ADD6597\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0535DC9-EB0E-4745-80AC-4A020DF26E38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*\",\"matchCriteriaId\":\"94F5AA37-B466-4E2E-B217-5119BADDD87B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*\",\"matchCriteriaId\":\"6DF0F0F5-4022-4837-9B40-4B1127732CC9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3848B08-85C2-4AAD-AA33-CCEB80EF5B32\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:1.9.3:p286:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7927D40-2A3A-43AD-99F6-CE61882A1FF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:1.9.3:p383:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA406EC6-6CA5-40A6-A879-AA8940CBEF07\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:1.9.3:p385:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D041884-3921-4466-9A48-F644FDDA9D50\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:1.9.3:p392:*:*:*:*:*:*\",\"matchCriteriaId\":\"397A2EA7-6F83-427B-8578-3794EBF04849\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:1.9.3:p426:*:*:*:*:*:*\",\"matchCriteriaId\":\"298A5681-F756-4952-A9F8-E4C76736DF8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:1.9.3:p429:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC5A12F7-47E2-4AC7-A41B-F4B01319002D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:1.9.3:p448:*:*:*:*:*:*\",\"matchCriteriaId\":\"B56582F2-0D51-4FAD-888F-3342B229A557\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:1.9.3:p545:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3ADD67F-D944-461F-94DA-E00D3556416F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:1.9.3:p547:*:*:*:*:*:*\",\"matchCriteriaId\":\"93AA1766-1936-4704-A3D0-D4F280373D1C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B03B7561-A854-4EFA-9E4E-CFC4EEAE4EE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:2.0.0:p0:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2423B85-0971-42AC-8B64-819008BC5778\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:2.0.0:p195:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C663278-3B2A-4B7C-959A-2AA804467F21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:2.0.0:p247:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7927149-A76A-48BC-8405-7375FC7D7486\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:2.0.0:p451:*:*:*:*:*:*\",\"matchCriteriaId\":\"46485519-C2FB-4767-B699-9F51FDCF29E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:2.0.0:p481:*:*:*:*:*:*\",\"matchCriteriaId\":\"19CF27FB-DCF5-4533-B309-55615AE21A63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:2.0.0:p576:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9865DD1-F2AF-40B6-848A-EA9FD37034DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:2.0.0:p594:*:*:*:*:*:*\",\"matchCriteriaId\":\"C10BD21E-B9FA-4B57-B617-0108A00D6132\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:2.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8DF046E4-503B-4A10-BEAB-3144BD86EA49\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:2.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FCA45F1-3038-413A-B8C3-EE366A4E6248\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:2.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF6AF5E3-4EB8-48A3-B8E9-C79C08C38994\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:2.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6AE2B154-8126-4A38-BAB6-915207764FC0\"}]}]}],\"references\":[{\"url\":\"http://advisories.mageia.org/MGASA-2014-0472.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2014-12/msg00035.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2015-01/msg00000.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2015-01/msg00004.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-1911.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-1912.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-1913.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-1914.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/59948\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/62050\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/62748\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.debian.org/security/2015/dsa-3157\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.debian.org/security/2015/dsa-3159\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2015:129\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/71230\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2412-1\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT205267\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://www.ruby-lang.org/en/news/2014/11/13/rexml-dos-cve-2014-8090/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"http://advisories.mageia.org/MGASA-2014-0472.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2014-12/msg00035.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2015-01/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2015-01/msg00004.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-1911.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-1912.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-1913.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-1914.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/59948\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/62050\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/62748\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2015/dsa-3157\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2015/dsa-3159\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2015:129\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/71230\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2412-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT205267\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.ruby-lang.org/en/news/2014/11/13/rexml-dos-cve-2014-8090/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}],\"evaluatorComment\":\"\u003ca href=\\\"http://cwe.mitre.org/data/definitions/611.html\\\" target=\\\"_blank\\\"\u003eCWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)\u003c/a\u003e\"}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.