what you don't know can hurt you
Showing 1 - 8 of 8 RSS Feed

CVE-2014-7839

Status Candidate

Overview

DocumentProvider in RESTEasy 2.3.7 and 3.0.9 does not configure the (1) external-general-entities or (2) external-parameter-entities features, which allows remote attackers to conduct XML external entity (XXE) attacks via unspecified vectors.

Related Files

Red Hat Security Advisory 2015-0851-01
Posted Apr 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0851-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This release of Red Hat JBoss BPM Suite 6.1.0 serves as a replacement for Red Hat JBoss BPM Suite 6.0.3, and includes bug fixes and enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-6153, CVE-2013-2133, CVE-2013-4517, CVE-2013-7397, CVE-2013-7398, CVE-2014-0034, CVE-2014-0035, CVE-2014-0059, CVE-2014-0109, CVE-2014-0110, CVE-2014-3577, CVE-2014-3623, CVE-2014-7827, CVE-2014-7839, CVE-2014-8122, CVE-2014-8125
MD5 | 555c0381ff2462d36697588924dea279
Red Hat Security Advisory 2015-0850-01
Posted Apr 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0850-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.1.0 serves as a replacement for Red Hat JBoss BRMS 6.0.3, and includes bug fixes and enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-6153, CVE-2013-2133, CVE-2013-4517, CVE-2013-7397, CVE-2013-7398, CVE-2014-0034, CVE-2014-0035, CVE-2014-0059, CVE-2014-0109, CVE-2014-0110, CVE-2014-3577, CVE-2014-3623, CVE-2014-7827, CVE-2014-7839, CVE-2014-8122, CVE-2014-8125
MD5 | 0255ca9695d6df5d7326a1edea58579f
Red Hat Security Advisory 2015-0773-01
Posted Apr 1, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0773-01 - Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan. This release of Red Hat JBoss Data Grid 6.4.1 serves as a replacement for Red Hat JBoss Data Grid 6.4.0. It includes various bug fixes and enhancements, which are detailed in the Red Hat JBoss Data Grid 6.4.1 Release Notes.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-4002, CVE-2014-7839, CVE-2014-8122, CVE-2015-0226, CVE-2015-0227
MD5 | 646ee5a7987f6753fcf916a00ee9a84c
Red Hat Security Advisory 2015-0675-01
Posted Mar 12, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0675-01 - Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems such as multiple databases, XML files, and even Hadoop systems appear as a set of tables in a local database. The release of Red Hat JBoss Data Virtualization 6.1.0 serves as a replacement for Red Hat JBoss Data Virtualization 6.0.0. It includes various bug fixes, which are listed in the README file included with the patch files.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2012-6153, CVE-2013-4002, CVE-2013-4517, CVE-2013-5855, CVE-2014-0059, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119, CVE-2014-0193, CVE-2014-0227, CVE-2014-3481, CVE-2014-3490, CVE-2014-3530, CVE-2014-3577, CVE-2014-3623, CVE-2014-7839, CVE-2014-8122
MD5 | deb3d667545b7374a6f500e51dea85d3
Red Hat Security Advisory 2015-0215-01
Posted Feb 12, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0215-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the RESTEasy DocumentProvider did not set the external-parameter-entities and external-general-entities features appropriately, thus allowing external entity expansion. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XML eXternal Entity attacks.

tags | advisory, java, remote, xxe
systems | linux, redhat
advisories | CVE-2014-7827, CVE-2014-7839, CVE-2014-7849, CVE-2014-7853, CVE-2014-8122
MD5 | ee60e8a12deb384193cd70ff9998fb0b
Red Hat Security Advisory 2015-0218-01
Posted Feb 12, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0218-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the RESTEasy DocumentProvider did not set the external-parameter-entities and external-general-entities features appropriately, thus allowing external entity expansion. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XML eXternal Entity attacks.

tags | advisory, java, remote, xxe
systems | linux, redhat
advisories | CVE-2014-7827, CVE-2014-7839, CVE-2014-7849, CVE-2014-7853, CVE-2014-8122
MD5 | d64a4e23fccfd2036c7a2daff5c04b7e
Red Hat Security Advisory 2015-0217-01
Posted Feb 12, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0217-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the RESTEasy DocumentProvider did not set the external-parameter-entities and external-general-entities features appropriately, thus allowing external entity expansion. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XML eXternal Entity attacks.

tags | advisory, java, remote, xxe
systems | linux, redhat
advisories | CVE-2014-7827, CVE-2014-7839, CVE-2014-7849, CVE-2014-7853, CVE-2014-8122
MD5 | 87941dbf09390818632e2efcb1c02fe2
Red Hat Security Advisory 2015-0216-01
Posted Feb 12, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0216-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the RESTEasy DocumentProvider did not set the external-parameter-entities and external-general-entities features appropriately, thus allowing external entity expansion. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XML eXternal Entity attacks.

tags | advisory, java, remote, xxe
systems | linux, redhat
advisories | CVE-2014-7827, CVE-2014-7839, CVE-2014-7849, CVE-2014-7853, CVE-2014-8122
MD5 | 95ed929e3f00b4953a1223723d441779
Page 1 of 1
Back1Next

File Archive:

February 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    1 Files
  • 2
    Feb 2nd
    2 Files
  • 3
    Feb 3rd
    17 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    16 Files
  • 7
    Feb 7th
    19 Files
  • 8
    Feb 8th
    2 Files
  • 9
    Feb 9th
    2 Files
  • 10
    Feb 10th
    15 Files
  • 11
    Feb 11th
    20 Files
  • 12
    Feb 12th
    16 Files
  • 13
    Feb 13th
    19 Files
  • 14
    Feb 14th
    17 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close