Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:11238
HistoryJan 15, 2019 - 8:58 a.m.

Arbitrary File Access With External Entities

2019-01-1508:58:57
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

RESTEasy is vulnerable to arbitrary file access. When resteasy.document.expand.entity.references parameter is set to false, it sets external entities to disable. This vulnerability is possible due to an incomplete fix for CVE-2012-0818.

Related

mageia 1
cve 3
nessus 9
prion 3
openvas 5
redhat 17
centos 1
osv 3
github 3
oraclelinux 1
veracode 1
checkpoint_advisories 1
fedora 1
ibm 2
oracle 1
mageia
mageia
Updated resteasy package fix CVE-2014-3490
2014-12-26 20:04:58
cve
cve
CVE-2014-3490
2014-08-19 18:55:00
CVE-2012-0818
2012-11-23 20:55:00
CVE-2011-5245
2012-11-23 20:55:00
nessus
nessus
CentOS 7 : resteasy-base (CESA-2014:1011)
2014-08-07 00:00:00
RHEL 7 : resteasy-base (RHSA-2014:1011)
2014-08-06 00:00:00
Oracle Linux 7 : resteasy-base (ELSA-2014-1011)
2014-08-06 00:00:00
prion
prion
Xxe
2014-08-19 18:55:00
Xxe
2012-11-23 20:55:00
Xxe
2012-11-23 20:55:00
openvas
openvas
CentOS Update for resteasy-base CESA-2014:1011 centos7
2014-09-10 00:00:00
RedHat Update for resteasy-base RHSA-2014:1011-01
2014-08-06 00:00:00
Mageia: Security Advisory (MGASA-2014-0547)
2022-01-28 00:00:00
redhat
redhat
(RHSA-2014:1040) Moderate: Red Hat JBoss Enterprise Application Platform 6.3.0 security update
2014-08-11 00:00:00
(RHSA-2014:1011) Moderate: resteasy-base security update
2014-08-06 00:00:00
(RHSA-2013:1263) Moderate: Red Hat Storage Console 2.1 security update
2013-09-16 00:00:00
centos
centos
resteasy security update
2014-08-06 14:38:38
osv
osv
Incorrect Privilege Assignment in RESTEasy
2022-05-14 01:18:38
Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy
2022-05-17 01:49:58
Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy
2022-05-17 01:50:09
github
github
Incorrect Privilege Assignment in RESTEasy
2022-05-14 01:18:38
Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy
2022-05-17 01:49:58
Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy
2022-05-17 01:50:09
oraclelinux
oraclelinux
resteasy-base security update
2014-08-05 00:00:00
veracode
veracode
XML External Entity (XXE) To Read Files
2019-01-15 08:54:05
checkpoint_advisories
checkpoint_advisories
Red Hat JBoss RESTEasy PARAMETER ENTITY XXE Information Disclosure (CVE-2014-3490)
2014-10-13 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: resteasy-3.0.6-3.fc20
2015-04-24 22:47:08
ibm
ibm
Security Bulletin: JBoss RestEasy vulnerabilities in IBM Emptoris Contract Management (CVE-2014-3490)
2018-06-16 19:40:59
Security Bulletins for Emptoris Contract Management
2018-12-08 16:15:01
oracle
oracle
Oracle Critical Patch Update - October 2018
2018-12-18 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON
Related for VERACODE:11238
mageia1cve3nessus9prion3openvas5redhat17centos1osv3github3oraclelinux1veracode1checkpoint_advisories1fedora1ibm2oracle1