CVE-2014-3481Sensitive Information Exposure in Redhat Jboss Enterprise Application Platform

CWE-200Sensitive Information ExposureCWE-611XML External Entity (XXE) Injection6 documents5 sources
Severity
5.0MEDIUMNVD
EPSS
1.1%
top 22.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Jboss Enterprise Application Platform
Timeline
PublishedJul 7
Latest updateMay 17

Description

org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat JBoss Enterprise Application Platform (JEAP) before 6.2.4 enables entity expansion, which allows remote attackers to read arbitrary files via unspecified vectors, related to an XML External Entity (XXE) issue.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-xm6x-8fqh-w3x3: org2022-05-17
CVEList
CVE-2014-3481: org2014-07-07

📋Vendor Advisories

1
Red Hat
JAX-RS: Information disclosure via XML eXternal Entity (XXE)2014-06-05

💬Community

2
Bugzilla
CVE-2014-3481 wildfly: JBoss AS JAX-RS: Information disclosure via XML eXternal Entity (XXE) [fedora-all]2014-07-30
Bugzilla
CVE-2014-3481 JBoss AS JAX-RS: Information disclosure via XML eXternal Entity (XXE)2014-06-05
CVE-2014-3481 — Sensitive Information Exposure | cvebase