Critical severity9.8NVD Advisory· Published Oct 10, 2017· Updated May 13, 2026
CVE-2014-0030
CVE-2014-0030
Description
The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity (XXE) attacks via unspecified vectors.
Affected products
6cpe:2.3:a:apache:roller:3.1:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:apache:roller:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:roller:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:roller:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:roller:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:roller:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:roller:5.0.2:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- www.exploit-db.com/exploits/45341/nvdExploitThird Party AdvisoryVDB Entry
- liftsecurity.io/advisories/Apache_Roller_XML-RPC_susceptible_to_XXE/nvdThird Party AdvisoryURL Repurposed
- mail-archives.apache.org/mod_mbox/roller-dev/201401.mbox/%3CCAF1aazCMzDGB12Ls4t-SOwNA=OdguD010LX3yZGhk2GQHafFXw%40mail.gmail.com%3Envd
News mentions
0No linked articles in our index yet.