The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XML document.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-611,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse_project | opensuse | 12.3 |
| castor_project | castor | 1.3.1 |
| castor_project | castor | 1.3 |
| opensuse | opensuse | 13.1 |
| castor_project | castor | * |