CVE-2014-0225 in VMware and Pivotal Software Products
Published on May 25, 2017
When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack.
Products Associated with CVE-2014-0225
stack.watch emails you whenever new vulnerabilities are published in VMware Spring Framework or Pivotal Software Spring Framework. Just hit a watch button to start following.
Affected Versions
Pivotal Spring Framework:- Version 4.0.0 to 4.0.4 is affected.
- Version 3.0.0 to 3.2.8 is affected.
- Version Earlier unsupported versions may be affected is affected.
Exploit Probability
EPSS
0.24%
Percentile
46.27%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.