CVE-2014-3481
CVE-2014-3481
org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat JBoss Enterprise Application Platform (JEAP) before 6.2.4 enables entity expansion, which allows remote attackers to read arbitrary files via unspecified vectors, related to an XML External Entity (XXE) issue.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://rhn.redhat.com/errata/RHSA-2014-0797.htmlhttp://rhn.redhat.com/errata/RHSA-2014-0798.htmlhttp://rhn.redhat.com/errata/RHSA-2014-0799.htmlhttp://rhn.redhat.com/errata/RHSA-2015-0675.htmlhttp://rhn.redhat.com/errata/RHSA-2015-0720.htmlhttp://rhn.redhat.com/errata/RHSA-2015-0765.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=1105242https://exchange.xforce.ibmcloud.com/vulnerabilities/94939http://www.securitytracker.com/id/1032017