CVE-2014-3481

org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat JBoss Enterprise Application Platform (JEAP) before 6.2.4 enables entity expansion, which allows remote attackers to read arbitrary files via unspecified vectors, related to an XML External Entity (XXE) issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
VendorProductVersion
redhatjboss_enterprise_application_platform
𝑥
≤ 6.2.3
redhatjboss_enterprise_application_platform
6.0.0
redhatjboss_enterprise_application_platform
6.0.1
redhatjboss_enterprise_application_platform
6.1.0
redhatjboss_enterprise_application_platform
6.2.0
redhatjboss_enterprise_application_platform
6.2.1
redhatjboss_enterprise_application_platform
6.2.2
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
jbossas4
trusty
dne
saucy
not-affected
precise
not-affected
lucid
not-affected
Common Weakness Enumeration
References
http://rhn.redhat.com/errata/RHSA-2014-0797.html
http://rhn.redhat.com/errata/RHSA-2014-0798.html
http://rhn.redhat.com/errata/RHSA-2014-0799.html
http://rhn.redhat.com/errata/RHSA-2015-0675.html
http://rhn.redhat.com/errata/RHSA-2015-0720.html
http://rhn.redhat.com/errata/RHSA-2015-0765.html
http://www.securitytracker.com/id/1032017
https://bugzilla.redhat.com/show_bug.cgi?id=1105242
https://exchange.xforce.ibmcloud.com/vulnerabilities/94939
http://rhn.redhat.com/errata/RHSA-2014-0797.html
http://rhn.redhat.com/errata/RHSA-2014-0798.html
http://rhn.redhat.com/errata/RHSA-2014-0799.html
http://rhn.redhat.com/errata/RHSA-2015-0675.html
http://rhn.redhat.com/errata/RHSA-2015-0720.html
http://rhn.redhat.com/errata/RHSA-2015-0765.html
http://www.securitytracker.com/id/1032017
https://bugzilla.redhat.com/show_bug.cgi?id=1105242
https://exchange.xforce.ibmcloud.com/vulnerabilities/94939