GitHub Advisory DatabaseGHSA-XRH2-C3RM-35JRHornetQ REST vulnerable to Improper Restriction of XML External Entity Reference
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
49.7%
HornetQ REST is vulnerable to XML External Entity due to insecure configuration of RestEasy.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| org.hornetq.rest:hornetq-rest | lt | 2.5.0.Beta1 |
References
access.redhat.com/security/cve/cve-2014-3599
bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3599
github.com/advisories/GHSA-xrh2-c3rm-35jr
github.com/hornetq/hornetq/commit/b3a63576371828d5f8e64ba7ccbcecb1da8111d2
github.com/victims/victims-cve-db/blob/master/database/java/2014/3599.yaml
nvd.nist.gov/vuln/detail/CVE-2014-3599
Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
49.7%