Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2014:1298
HistorySep 24, 2014 - 4:49 p.m.

(RHSA-2014:1298) Moderate: Red Hat JBoss Data Grid 6.3.1 update

2014-09-2416:49:09
access.redhat.com
13

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.013 Low

EPSS

Percentile

84.0%

JSON

Red Hat JBoss Data Grid is a distributed in-memory data grid, based on
Infinispan.

This release of Red Hat JBoss Data Grid 6.3.1 serves as a replacement for
Red Hat JBoss Data Grid 6.3.0. It includes various bug fixes which are
detailed in the Red Hat JBoss Data Grid 6.3.1 Release Notes. The Release
Notes are available at:
https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Data_Grid/

This update also fixes the following security issue:

It was found that the external parameter entities were not disabled when
the resteasy.document.expand.entity.references parameter was set to false.
A remote attacker able to send XML requests to a RESTEasy endpoint could
use this flaw to read files accessible to the user running the application
server, and potentially perform other more advanced XXE attacks.
(CVE-2014-3490)

The CVE-2014-3490 issue was discovered by David Jorm of Red Hat Product
Security.

All users of Red Hat JBoss Data Grid 6.3.0 as provided from the Red Hat
Customer Portal are advised to upgrade to Red Hat JBoss Data Grid 6.3.1.

Related

oraclelinux 1
ibm 2
openvas 5
checkpoint_advisories 1
fedora 1
nessus 5
cve 1
mageia 1
cvelist 1
redhat 9
centos 1
osv 1
github 1
veracode 1
prion 1
oracle 1
oraclelinux
oraclelinux
resteasy-base security update
2014-08-05 00:00:00
ibm
ibm
Security Bulletin: JBoss RestEasy vulnerabilities in IBM Emptoris Contract Management (CVE-2014-3490)
2018-06-16 19:40:59
Security Bulletins for Emptoris Contract Management
2018-12-08 16:15:01
openvas
openvas
Oracle: Security Advisory (ELSA-2014-1011)
2015-10-06 00:00:00
Fedora Update for resteasy FEDORA-2014-16845
2015-04-25 00:00:00
RedHat Update for resteasy-base RHSA-2014:1011-01
2014-08-06 00:00:00
checkpoint_advisories
checkpoint_advisories
Red Hat JBoss RESTEasy PARAMETER ENTITY XXE Information Disclosure (CVE-2014-3490)
2014-10-13 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: resteasy-3.0.6-3.fc20
2015-04-24 22:47:08
nessus
nessus
Fedora 20 : resteasy-3.0.6-3.fc20 (2014-16845)
2015-04-27 00:00:00
RHEL 7 : resteasy-base (RHSA-2014:1011)
2014-08-06 00:00:00
Oracle Linux 7 : resteasy-base (ELSA-2014-1011)
2014-08-06 00:00:00
cve
cve
CVE-2014-3490
2014-08-19 18:55:00
mageia
mageia
Updated resteasy package fix CVE-2014-3490
2014-12-26 20:04:58
cvelist
cvelist
CVE-2014-3490
2014-08-19 18:00:00
redhat
redhat
(RHSA-2014:1040) Moderate: Red Hat JBoss Enterprise Application Platform 6.3.0 security update
2014-08-11 00:00:00
(RHSA-2014:1011) Moderate: resteasy-base security update
2014-08-06 00:00:00
(RHSA-2014:1904) Important: Red Hat JBoss Operations Network 3.3.0 update
2014-11-25 16:45:01
centos
centos
resteasy security update
2014-08-06 14:38:38
osv
osv
Incorrect Privilege Assignment in RESTEasy
2022-05-14 01:18:38
github
github
Incorrect Privilege Assignment in RESTEasy
2022-05-14 01:18:38
veracode
veracode
Arbitrary File Access With External Entities
2019-01-15 08:58:57
prion
prion
Xxe
2014-08-19 18:55:00
oracle
oracle
Oracle Critical Patch Update - October 2018
2018-12-18 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.013 Low

EPSS

Percentile

84.0%

JSON
Related for RHSA-2014:1298
oraclelinux1ibm2openvas5checkpoint_advisories1fedora1nessus5cve1mageia1cvelist1redhat9centos1osv1github1veracode1prion1oracle1