Information disclosure in Redhat Jboss_seam_2_framework

CVE-2013-6447

Multiple XML External Entity (XXE) vulnerabilities in the (1) ExecutionHandler, (2) PollHandler, and (3) SubscriptionHandler classes in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, al…

Vulnerability class: Information Disclosure

EPSS: 0.014 (80.6th percentile) — read the EPSS interpretation.

Affected products

Redhat Jboss_seam_2_framework — versions 2.0.0, 2.0.1, 2.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

1029652 (vdb-entry, x_refsource_SECTRACK)
secalert@redhat.com (x_refsource_CONFIRM)
56572 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
RHSA-2014:0045 (x_refsource_REDHAT, vendor-advisory)