CVE-2013-6447

Опубликовано: 20 янв. 2014

Источник: redhat

CVSS2: 5

Описание

Multiple XML External Entity (XXE) vulnerabilities in the (1) ExecutionHandler, (2) PollHandler, and (3) SubscriptionHandler classes in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allow remote attackers to read arbitrary files and possibly have other impacts via a crafted XML file.

Отчет

This issue affects Seam 3 remoting, but Seam 3 is not shipped with any Red Hat products, and Seam 3 development has been terminated. This issue is not currently planned to be addressed in a future update to Seam 3. Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 4 and 5; Red Hat JBoss Enterprise Portal Platform 5; Red Hat JBoss Enterprise SOA Platform 4 and 5; and Red Hat JBoss Enterprise Web Platform 5 are now in Phase 3, Extended Life Support, of their respective life cycles. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat JBoss Middleware and Red Hat JBoss Operations Network Product Update and Support Policy: https://access.redhat.com/support/policy/updates/jboss_notes/

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat JBoss Enterprise Application Platform 5	seam	Affected
Red Hat JBoss Enterprise Web Server 1	ewp-5	Affected
Red Hat JBoss Web Framework Kit 2.4	Seam	Fixed	RHSA-2014:0045	20.01.2014

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-611

https://bugzilla.redhat.com/show_bug.cgi?id=1044784Seam: XML eXternal Entity (XXE) flaw in remoting

5 Medium

CVSS2

Связанные уязвимости

CVE-2013-6447

nvd

около 12 лет назад

GHSA-gvc5-hqc3-j65q

github

больше 3 лет назад

5 Medium

CVSS2