The XML_RPC_cd function in lib/pear/XML/RPC.php in Revive Adserver before 3.0.6 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted XML-RPC request, aka an XML Entity Expansion (XEE) attack. <a href"http://cwe.mitre.org/data/definitions/611.html">CWE-611: Improper Restriction of XML External Entity Reference ('XXE')</a>
Publication date: Fri, 19 Dec 2014 21:59:00 +0000