Description

The XML_RPC_cd function in lib/pear/XML/RPC.php in Revive Adserver before 3.0.6 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted XML-RPC request, aka an XML Entity Expansion (XEE) attack.

Remediation

References

CVE-2014-8875

Related Vulnerabilities

WordPress Plugin Simple Events Calendar SQL Injection (1.3.5)

WordPress Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability (CVE-2022-3590)

WordPress Plugin Contact Form Widget-Contact Query, Form Maker SQL Injection (1.0.9)

phpMyAdmin Improper Input Validation Vulnerability (CVE-2011-2719)

WordPress 3.8.x Cross-Site Scripting Vulnerability (3.8 - 3.8.11)

Severity

Medium

Classification

CVE-2014-8875

Tags

Missing Update Known Vulnerabilities