Improper input validation in Redhat Resteasy

CVE-2014-7839

DocumentProvider in RESTEasy 2.3.7 and 3.0.9 does not configure the (1) external-general-entities or (2) external-parameter-entities features, which allows remote attackers to conduct XML external entity (XXE) attacks via unspecified vecto…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.013 (79.8th percentile) — read the EPSS interpretation.

Affected products

Redhat Resteasy — versions 2.3.7, 3.0.9
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

RHSA-2015:0675 (x_refsource_REDHAT, vendor-advisory)
RHSA-2015:0773 (x_refsource_REDHAT, vendor-advisory)
RHSA-2015:0850 (x_refsource_REDHAT, vendor-advisory)
62580 (x_refsource_SECUNIA, third-party-advisory)
RHSA-2015:0851 (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_MISC, Vendor Advisory)