Vulnerability in Red Hat JBoss Enterprise Application Platform
CVE-2014-3490
RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform (EAP) 6.3.0, does not disable external entities when the resteasy.document.expand.entity.references parameter is set to false, w…
EPSS: 0.046 (89.5th percentile)
Affected products
- Red Hat JBoss Enterprise Application Platform — versions 6.3.0
- Red Hat RESTEasy — versions 3.0
References
- secalert@redhat.com (Patch, Third Party Advisory, x_refsource_MISC)
- RHSA-2015:0765 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
- RHSA-2015:0675 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
- 60019 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
- RHSA-2015:0720 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
- secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)
- RHSA-2014:1039 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
- 69058 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
- RHSA-2015:0125 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)