CVE-2014-3481

EUVD-2014-3490
org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat JBoss Enterprise Application Platform (JEAP) before 6.2.4 enables entity expansion, which allows remote attackers to read arbitrary files via unspecified vectors, related to an XML External Entity (XXE) issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
Affected Products (NVD)
VendorProductVersion
redhatjboss_enterprise_application_platform
𝑥
≤ 6.2.3
redhatjboss_enterprise_application_platform
6.0.0
redhatjboss_enterprise_application_platform
6.0.1
redhatjboss_enterprise_application_platform
6.1.0
redhatjboss_enterprise_application_platform
6.2.0
redhatjboss_enterprise_application_platform
6.2.1
redhatjboss_enterprise_application_platform
6.2.2
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
jbossas4
lucid
not-affected
precise
not-affected
saucy
not-affected
trusty
dne
Common Weakness Enumeration
References
http://rhn.redhat.com/errata/RHSA-2014-0797.html
http://rhn.redhat.com/errata/RHSA-2014-0798.html
http://rhn.redhat.com/errata/RHSA-2014-0799.html
http://rhn.redhat.com/errata/RHSA-2015-0675.html
http://rhn.redhat.com/errata/RHSA-2015-0720.html
http://rhn.redhat.com/errata/RHSA-2015-0765.html
http://www.securitytracker.com/id/1032017
https://bugzilla.redhat.com/show_bug.cgi?id=1105242
https://exchange.xforce.ibmcloud.com/vulnerabilities/94939
http://rhn.redhat.com/errata/RHSA-2014-0797.html
http://rhn.redhat.com/errata/RHSA-2014-0798.html
http://rhn.redhat.com/errata/RHSA-2014-0799.html
http://rhn.redhat.com/errata/RHSA-2015-0675.html
http://rhn.redhat.com/errata/RHSA-2015-0720.html
http://rhn.redhat.com/errata/RHSA-2015-0765.html
http://www.securitytracker.com/id/1032017
https://bugzilla.redhat.com/show_bug.cgi?id=1105242
https://exchange.xforce.ibmcloud.com/vulnerabilities/94939