XXE attack in Direct Web Remoting - CVE-2014-5325
Published: May 31, 2018
Vulnerability identifier: #VU13102
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2014-5325
CWE-ID: CWE-611
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Direct Web Remoting
Affected software:
Direct Web Remoting
Detailed vulnerability description
The vulnerability allows a remote unauthenticated attacker to perform an XXE (XML External Entity) attack against the target system.
The weakness exists because DWR's server-side DOM converters parse client-supplied XML without disabling external entity resolution (per the CVE record, the DOMConverter and DOM4JConverter classes before 2.0.11 and before 3.0.RC3). A remote attacker can supply DOM data containing an XML external entity declaration together with a reference to that entity; the parser resolves the entity on the server, which lets the attacker read local files and gain access to potentially sensitive information.
How to mitigate CVE-2014-5325
Install the update from the vendor's website. The CVE record lists DWR 2.0.11 and 3.0.RC3 as the first fixed releases on the 2.x and 3.x lines; the fix configures the JAXP parser that builds the DOM from client input to reject DOCTYPE declarations and external entities. Until the update is applied, treat any endpoint that accepts DOM-typed parameters from the client as exposed.
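The following is an added example written for this page; it is not DWR's own code and does not reproduce the project's converter classes. It models the pattern behind CWE-611: a server parses an attacker-controlled XML string with JAXP defaults (parseUnsafe), versus a hardened factory that refuses DOCTYPE declarations and external entities (parseSafe). The payload, the class name XxeDemo and the target path file:///etc/hostname are constructed for the demonstration; on a host where that path does not exist the unsafe parser throws instead of leaking the file.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

public class XxeDemo {

    // Constructed XXE payload: an external entity declaration plus a reference
    // to that entity, the same shape as the "DOM data" described in the advisory.
    // The file path is an assumption for the demo; pick one that exists locally.
    static final String PAYLOAD =
          "<?xml version=\"1.0\"?>\n"
        + "<!DOCTYPE data [<!ENTITY xxe SYSTEM \"file:///etc/hostname\">]>\n"
        + "<data>&xxe;</data>";

    // Vulnerable pattern: a default DocumentBuilderFactory resolves external
    // entities, so the file contents end up inside the resulting DOM.
    static Document parseUnsafe(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        DocumentBuilder b = f.newDocumentBuilder();
        return b.parse(new InputSource(new StringReader(xml)));
    }

    // Hardened pattern: reject DOCTYPE outright (this alone blocks the payload),
    // then disable every other external-resource path as defence in depth.
    static Document parseSafe(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        // JAXP 1.5 properties (Java 7u40+): empty string means no protocols allowed.
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        DocumentBuilder b = f.newDocumentBuilder();
        return b.parse(new InputSource(new StringReader(xml)));
    }

    public static void main(String[] args) throws Exception {
        try {
            Document d = parseUnsafe(PAYLOAD);
            // With default settings the text content is the contents of the referenced file.
            System.out.println("unsafe parser leaked: " + d.getDocumentElement().getTextContent());
        } catch (Exception e) {
            System.out.println("unsafe parser failed (file missing?): " + e);
        }
        try {
            parseSafe(PAYLOAD);
            System.out.println("hardened parser accepted payload (unexpected)");
        } catch (SAXException e) {
            // Expected: the DOCTYPE is refused before any entity is resolved.
            System.out.println("hardened parser rejected payload: " + e.getMessage());
        }
    }
}
```

Compile and run with `javac XxeDemo.java && java XxeDemo`. When auditing a DWR deployment, the check is the same one the code makes explicit: find every place a client-supplied string reaches a DocumentBuilderFactory, SAXParserFactory or DOM4J/JDOM reader and confirm the factory has disallow-doctype-decl enabled or both external-entity features disabled before parsing.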