2 matches found
Red Hat JBoss Seam Framework XXE Information Disclosure (CVE-2013-6447)
An information disclosure vulnerability has been reported in Red Hat JBoss Seam Framework. The vulnerability is due to an incorrectly configured XML parser accepting XML eXternal Entities XXE from untrusted sources being used by the ExecutionHandler, PollHandler, and SubscriptionHandler classes...
CVE-2013-6447
The CVE-2013-6447 issue affects Red Hat JBoss Web Framework Kit 2.4.0, where the seam-remoting components (ExecutionHandler, PollHandler, SubscriptionHandler) unmarshalled untrusted XML and processed external entities, enabling an attacker to read files on the server. Red Hat’s advisory RHSA-2014...