CVE-2014-3490 in Oracle Communications Performance Intelligence Center (PIC) Software情報

要約 (英語)

RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform (EAP) 6.3.0, does not disable external entities when the resteasy.document.expand.entity.references parameter is set to false, which allows remote attackers to read arbitrary files and have other unspecified impact via unspecified vectors, related to an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0818.

予約する

2014年05月14日

エントリ

VulDB provides additional information and datapoints for this CVE:

識別子脆弱性CWE悪用可対策CVE
125386Oracle Communications Performance Intelligence Center (PIC) Software resteasy-jaxrs XML External Entity611未定義公式な修正CVE-2014-3490
70658Red Hat RESTEasy resteasy.document.expand.entity.references XML External Entity611未定義公式な修正CVE-2014-3490

説明

CPE

CWE

CVSS

エクスプロイト

履歴

差分

リンクする

脅威インテリジェンス

API JSON

API XML

API CSV

概要

Do you need the next level of professionalism?

Upgrade your account now!