Lucene search

K

[email protected]NVD:CVE-2014-3481

HistoryJul 07, 2014 - 2:55 p.m.

CVE-2014-3481

2014-07-0714:55:03

CWE-200

[email protected]

web.nvd.nist.gov

7

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

0.003

Percentile

68.0%

org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat JBoss Enterprise Application Platform (JEAP) before 6.2.4 enables entity expansion, which allows remote attackers to read arbitrary files via unspecified vectors, related to an XML External Entity (XXE) issue.

Affected configurations

Nvd

Node

redhatjboss_enterprise_application_platformRange≤6.2.3

OR

redhatjboss_enterprise_application_platformMatch6.0.0

OR

redhatjboss_enterprise_application_platformMatch6.0.1

OR

redhatjboss_enterprise_application_platformMatch6.1.0

OR

redhatjboss_enterprise_application_platformMatch6.2.0

OR

redhatjboss_enterprise_application_platformMatch6.2.1

OR

redhatjboss_enterprise_application_platformMatch6.2.2

References

rhn.redhat.com/errata/RHSA-2014-0797.html

rhn.redhat.com/errata/RHSA-2014-0798.html

rhn.redhat.com/errata/RHSA-2014-0799.html

rhn.redhat.com/errata/RHSA-2015-0675.html

rhn.redhat.com/errata/RHSA-2015-0720.html

rhn.redhat.com/errata/RHSA-2015-0765.html

www.securitytracker.com/id/1032017

bugzilla.redhat.com/show_bug.cgi?id=1105242

exchange.xforce.ibmcloud.com/vulnerabilities/94939

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

0.003

Percentile

68.0%

Related for NVD:CVE-2014-3481

prion1 cvelist1 ubuntucve1 cve1 redhat8 nessus2 veracode1