vulnerability

Ubuntu: (CVE-2017-14949): restlet vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:P/I:N/A:N)	Nov 30, 2017	Jun 26, 2025	Jul 28, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published

Nov 30, 2017

Added

Jun 26, 2025

Modified

Jul 28, 2025

Description

Restlet Framework before 2.3.12 allows remote attackers to access arbitrary files via a crafted REST API HTTP request that conducts an XXE attack, because only general external entities (not parameter external entities) are properly considered. This is related to XmlRepresentation, DOMRepresentation, SaxRepresentation, and JacksonRepresentation.

Solution

no-fix-ubuntu-package

References

CVE-2017-14949
https://attackerkb.com/topics/CVE-2017-14949
URL-https://github.com/restlet/restlet-framework-java/wiki/XEE-security-enhancements
URL-https://lgtm.com/blog/restlet_CVE-2017-14949
URL-https://www.cve.org/CVERecord?id=CVE-2017-14949

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today