Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2014-3481

Опубликовано: 05 июн. 2014
Источник: redhat
CVSS2: 5
EPSS Низкий

Описание

org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat JBoss Enterprise Application Platform (JEAP) before 6.2.4 enables entity expansion, which allows remote attackers to read arbitrary files via unspecified vectors, related to an XML External Entity (XXE) issue.

It was found that the default context parameters as provided to RESTEasy deployments by JBoss EAP did not explicitly disable external entity expansion for RESTEasy. A remote attacker could use this flaw to perform XML External Entity (XXE) attacks on RESTEasy applications accepting XML input.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat JBoss Data Grid 6jboss-as-jaxrsAffected
Red Hat JBoss Enterprise Web Server 1othersNot affected
Red Hat JBoss Data Grid 6.3FixedRHSA-2014:089516.07.2014
Red Hat JBoss Data Virtualization 6.0jboss-as-jaxrsFixedRHSA-2015:076531.03.2015
Red Hat JBoss Data Virtualization 6.1FixedRHSA-2015:067511.03.2015
Red Hat JBoss Enterprise Application Platform 6.2jboss-as-jaxrsFixedRHSA-2014:079726.06.2014
Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5apache-cxfFixedRHSA-2014:079826.06.2014
Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5hibernate4-eap6FixedRHSA-2014:079826.06.2014
Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5jboss-aeshFixedRHSA-2014:079826.06.2014
Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5jboss-as-appclientFixedRHSA-2014:079826.06.2014

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-611
https://bugzilla.redhat.com/show_bug.cgi?id=1105242JAX-RS: Information disclosure via XML eXternal Entity (XXE)

EPSS

Процентиль: 78%
0.01093
Низкий

5 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2014-3481

ubuntu
больше 11 лет назад

org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat JBoss Enterprise Application Platform (JEAP) before 6.2.4 enables entity expansion, which allows remote attackers to read arbitrary files via unspecified vectors, related to an XML External Entity (XXE) issue.

nvd логотип

CVE-2014-3481

nvd
больше 11 лет назад

org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat JBoss Enterprise Application Platform (JEAP) before 6.2.4 enables entity expansion, which allows remote attackers to read arbitrary files via unspecified vectors, related to an XML External Entity (XXE) issue.

debian логотип

CVE-2014-3481

debian
больше 11 лет назад

org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat JBo ...

github логотип

GHSA-xm6x-8fqh-w3x3

github
больше 3 лет назад

org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat JBoss Enterprise Application Platform (JEAP) before 6.2.4 enables entity expansion, which allows remote attackers to read arbitrary files via unspecified vectors, related to an XML External Entity (XXE) issue.

EPSS

Процентиль: 78%
0.01093
Низкий

5 Medium

CVSS2