UBUNTU-CVE-2017-14949

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2017-14949

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-14949.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2017-14949

Related

CVE-2017-14949

Published

2017-11-30T18:29:00Z

Modified

2024-10-15T14:06:04Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Restlet Framework before 2.3.12 allows remote attackers to access arbitrary files via a crafted REST API HTTP request that conducts an XXE attack, because only general external entities (not parameter external entities) are properly considered. This is related to XmlRepresentation, DOMRepresentation, SaxRepresentation, and JacksonRepresentation.

References

Affected packages

Ubuntu:Pro:16.04:LTS / restlet

Package

Name: restlet
Purl: pkg:deb/ubuntu/restlet?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.0.14+repack-0ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / restlet

Package

Name: restlet
Purl: pkg:deb/ubuntu/restlet?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.0.14+repack-0ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}