Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2014-5325 Vulnerability in maven package org.directwebremoting:dwr

Description

The (1) DOMConverter, (2) JDOMConverter, (3) DOM4JConverter, and (4) XOMConverter functions in Direct Web Remoting (DWR) through 2.0.10 and 3.x through 3.0.RC2 allow remote attackers to read arbitrary files via DOM data containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Remediation

References

http://jvn.jp/en/jp/JVN91502163/index.html

http://jvndb.jvn.jp/jvndb/JVNDB-2014-000117

http://www.securityfocus.com/bid/71093

Related Vulnerabilities

CVE-2015-5173 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-login

CVE-2017-12616 Vulnerability in maven package org.apache.tomcat:tomcat-catalina

CVE-2015-1776 Vulnerability in maven package org.apache.hadoop:hadoop-mapreduce-client-core

CVE-2014-3662 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2015-9236 Vulnerability in npm package hapi

Severity

Critical

Classification

CWE-200