Vulnerability Description
org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat JBoss Enterprise Application Platform (JEAP) before 6.2.4 enables entity expansion, which allows remote attackers to read arbitrary files via unspecified vectors, related to an XML External Entity (XXE) issue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Jboss Enterprise Application Platform | <= 6.2.3 |
Related Weaknesses (CWE)
References
- http://rhn.redhat.com/errata/RHSA-2014-0797.html
- http://rhn.redhat.com/errata/RHSA-2014-0798.html
- http://rhn.redhat.com/errata/RHSA-2014-0799.html
- http://rhn.redhat.com/errata/RHSA-2015-0675.html
- http://rhn.redhat.com/errata/RHSA-2015-0720.html
- http://rhn.redhat.com/errata/RHSA-2015-0765.html
- http://www.securitytracker.com/id/1032017
- https://bugzilla.redhat.com/show_bug.cgi?id=1105242
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94939
- http://rhn.redhat.com/errata/RHSA-2014-0797.html
- http://rhn.redhat.com/errata/RHSA-2014-0798.html
- http://rhn.redhat.com/errata/RHSA-2014-0799.html
- http://rhn.redhat.com/errata/RHSA-2015-0675.html
- http://rhn.redhat.com/errata/RHSA-2015-0720.html
- http://rhn.redhat.com/errata/RHSA-2015-0765.html
FAQ
What is CVE-2014-3481?
CVE-2014-3481 is a vulnerability with a CVSS score of 5.0 (MEDIUM). org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat JBoss Enterprise Application Platform (JEAP) before 6.2.4 enables entity expansion, which allows remote attackers to read arbitrary f...
How severe is CVE-2014-3481?
CVE-2014-3481 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-3481?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Jboss Enterprise Application Platform.