CVE-2014-3004
published 2014-06-11

Priority: P4 (33)
CVSS 2.0: 4.3 medium, AV:N/AC:M/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 7.79% (93.9th percentile)

The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XML document.

Affected

5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| castor_project | castor | <= 1.3.2 | |
| castor_project | castor | | |
| castor_project | castor | | |
| opensuse | opensuse | | |
| opensuse_project | opensuse | | |

CVSS provenance

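| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
| osv | | 4.3 | MEDIUM | |
| vendor_oracle | | 5.3 | MEDIUM | |
| vendor_redhat | | 4.3 | MEDIUM | |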