GHSA-2C9Q-QWRC-F486 XML External Entity Reference in org.picketlink:picketlink-common
The org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method in PicketLink, as used in Red Hat JBoss Enterprise Application Platform JBEAP 5.2.0 and 6.2.4, expands entity references, which allows remote attackers to read arbitrary code and possibly have other unspecified impact vi...
PicketLink: XXE via insecure DocumentBuilderFactory usage
It was found that the implementation of the org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method provided a DocumentBuilderFactory that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the...
CVE-2014-3530
The org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method in PicketLink, as used in Red Hat JBoss Enterprise Application Platform JBEAP 5.2.0 and 6.2.4, expands entity references, which allows remote attackers to read arbitrary code and possibly have other unspecified impact vi...
PT-2014-5375 · Jboss · Picketlink
Name of the Vulnerable Software and Affected Versions: PicketLink versions 5.2.0 through 6.2.4. Description: The issue is related to an XML External Entity (XXE) problem, where the org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method in PicketLink expands entity references. This...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 5.2.0 security update
Updated packages for Red Hat JBoss Enterprise Application Platform 5.2.0 that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS)...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.2.4 security update
Updated Red Hat JBoss Enterprise Application Platform 6.2.4 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base...