CVE-2014-0225 in VMware and Pivotal Software Products
Published on May 25, 2017

When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack.

NVD

Products Associated with CVE-2014-0225

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2014-0225 are published in these products:

VMware Spring Framework

Pivotal Software Spring Framework

Affected Versions

Pivotal Spring Framework:

Version 4.0.0 to 4.0.4 is affected.
Version 3.0.0 to 3.2.8 is affected.
Version Earlier unsupported versions may be affected is affected.

Exploit Probability

EPSS

0.23%

Percentile

45.69%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2014-0225 in VMware and Pivotal Software ProductsPublished on May 25, 2017

Products Associated with CVE-2014-0225

Affected Versions

Exploit Probability

CVE-2014-0225 in VMware and Pivotal Software Products
Published on May 25, 2017