Description

The XML_RPC_cd function in lib/pear/XML/RPC.php in Revive Adserver before 3.0.6 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted XML-RPC request, aka an XML Entity Expansion (XEE) attack.

Remediation

References

CVE-2014-8875

Related Vulnerabilities

Drupal CVE-2009-1576 Vulnerability (CVE-2009-1576)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-32475)

WebLogic CVE-2020-2549 Vulnerability (CVE-2020-2549)

WordPress Plugin Tutor LMS-eLearning and online course solution Cross-Site Scripting (1.9.10)

WordPress Plugin eID Easy Cross-Site Scripting (4.6)

Severity

Medium

Classification

CVE-2014-8875

Tags

Missing Update Known Vulnerabilities