Vulnerability Description
DocumentProvider in RESTEasy 2.3.7 and 3.0.9 does not configure the (1) external-general-entities or (2) external-parameter-entities features, which allows remote attackers to conduct XML external entity (XXE) attacks via unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Resteasy | 2.3.7 |
Related Weaknesses (CWE)
References
- http://rhn.redhat.com/errata/RHSA-2015-0675.html
- http://rhn.redhat.com/errata/RHSA-2015-0773.html
- http://rhn.redhat.com/errata/RHSA-2015-0850.html
- http://rhn.redhat.com/errata/RHSA-2015-0851.html
- http://secunia.com/advisories/62580
- https://issues.jboss.org/browse/RESTEASY-1130Vendor Advisory
- http://rhn.redhat.com/errata/RHSA-2015-0675.html
- http://rhn.redhat.com/errata/RHSA-2015-0773.html
- http://rhn.redhat.com/errata/RHSA-2015-0850.html
- http://rhn.redhat.com/errata/RHSA-2015-0851.html
- http://secunia.com/advisories/62580
- https://issues.jboss.org/browse/RESTEASY-1130Vendor Advisory
FAQ
What is CVE-2014-7839?
CVE-2014-7839 is a vulnerability with a CVSS score of 6.4 (MEDIUM). DocumentProvider in RESTEasy 2.3.7 and 3.0.9 does not configure the (1) external-general-entities or (2) external-parameter-entities features, which allows remote attackers to conduct XML external ent...
How severe is CVE-2014-7839?
CVE-2014-7839 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-7839?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Resteasy.