exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

CVE-2014-7839

Status Candidate

Overview

DocumentProvider in RESTEasy 2.3.7 and 3.0.9 does not configure the (1) external-general-entities or (2) external-parameter-entities features, which allows remote attackers to conduct XML external entity (XXE) attacks via unspecified vectors.

Related Files

Red Hat Security Advisory 2015-0851-01
Posted Apr 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0851-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This release of Red Hat JBoss BPM Suite 6.1.0 serves as a replacement for Red Hat JBoss BPM Suite 6.0.3, and includes bug fixes and enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-6153, CVE-2013-2133, CVE-2013-4517, CVE-2013-7397, CVE-2013-7398, CVE-2014-0034, CVE-2014-0035, CVE-2014-0059, CVE-2014-0109, CVE-2014-0110, CVE-2014-3577, CVE-2014-3623, CVE-2014-7827, CVE-2014-7839, CVE-2014-8122, CVE-2014-8125
SHA-256 | 9c35a2e3da753f782421c5fae6cc800fdd2198541a72b87ddbb7e26976fb351a
Red Hat Security Advisory 2015-0850-01
Posted Apr 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0850-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.1.0 serves as a replacement for Red Hat JBoss BRMS 6.0.3, and includes bug fixes and enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-6153, CVE-2013-2133, CVE-2013-4517, CVE-2013-7397, CVE-2013-7398, CVE-2014-0034, CVE-2014-0035, CVE-2014-0059, CVE-2014-0109, CVE-2014-0110, CVE-2014-3577, CVE-2014-3623, CVE-2014-7827, CVE-2014-7839, CVE-2014-8122, CVE-2014-8125
SHA-256 | 290b4f0a91f99c1bf88abbdb829b7cd88cf73b3f112a40d00f3e02cb6d9adc8c
Red Hat Security Advisory 2015-0773-01
Posted Apr 1, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0773-01 - Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan. This release of Red Hat JBoss Data Grid 6.4.1 serves as a replacement for Red Hat JBoss Data Grid 6.4.0. It includes various bug fixes and enhancements, which are detailed in the Red Hat JBoss Data Grid 6.4.1 Release Notes.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-4002, CVE-2014-7839, CVE-2014-8122, CVE-2015-0226, CVE-2015-0227
SHA-256 | 7d553cdde3aceb92018ddd32ec0b04e6ea93bb9c088302da1d9beeb4a352330c
Red Hat Security Advisory 2015-0675-01
Posted Mar 12, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0675-01 - Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems such as multiple databases, XML files, and even Hadoop systems appear as a set of tables in a local database. The release of Red Hat JBoss Data Virtualization 6.1.0 serves as a replacement for Red Hat JBoss Data Virtualization 6.0.0. It includes various bug fixes, which are listed in the README file included with the patch files.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2012-6153, CVE-2013-4002, CVE-2013-4517, CVE-2013-5855, CVE-2014-0059, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119, CVE-2014-0193, CVE-2014-0227, CVE-2014-3481, CVE-2014-3490, CVE-2014-3530, CVE-2014-3577, CVE-2014-3623, CVE-2014-7839, CVE-2014-8122
SHA-256 | a75cda8ec63a5e546176c931f472dd7be9d8e3618cc45e5e9dc28e234143ba38
Red Hat Security Advisory 2015-0215-01
Posted Feb 12, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0215-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the RESTEasy DocumentProvider did not set the external-parameter-entities and external-general-entities features appropriately, thus allowing external entity expansion. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XML eXternal Entity attacks.

tags | advisory, java, remote, xxe
systems | linux, redhat
advisories | CVE-2014-7827, CVE-2014-7839, CVE-2014-7849, CVE-2014-7853, CVE-2014-8122
SHA-256 | 57ab1fc8b9507ca56ece907b266ce7c9eb4bd0abbef003b66b314ffee42dde44
Red Hat Security Advisory 2015-0218-01
Posted Feb 12, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0218-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the RESTEasy DocumentProvider did not set the external-parameter-entities and external-general-entities features appropriately, thus allowing external entity expansion. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XML eXternal Entity attacks.

tags | advisory, java, remote, xxe
systems | linux, redhat
advisories | CVE-2014-7827, CVE-2014-7839, CVE-2014-7849, CVE-2014-7853, CVE-2014-8122
SHA-256 | f9ad7ddcc0da56c409f88863816e066c6de7d686ea4c7eef207b9df7eb41214a
Red Hat Security Advisory 2015-0217-01
Posted Feb 12, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0217-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the RESTEasy DocumentProvider did not set the external-parameter-entities and external-general-entities features appropriately, thus allowing external entity expansion. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XML eXternal Entity attacks.

tags | advisory, java, remote, xxe
systems | linux, redhat
advisories | CVE-2014-7827, CVE-2014-7839, CVE-2014-7849, CVE-2014-7853, CVE-2014-8122
SHA-256 | 6e4bb84632dec0165b206c20f5fb253e5a62ac2ecc1df2e42f35cae661646453
Red Hat Security Advisory 2015-0216-01
Posted Feb 12, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0216-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the RESTEasy DocumentProvider did not set the external-parameter-entities and external-general-entities features appropriately, thus allowing external entity expansion. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XML eXternal Entity attacks.

tags | advisory, java, remote, xxe
systems | linux, redhat
advisories | CVE-2014-7827, CVE-2014-7839, CVE-2014-7849, CVE-2014-7853, CVE-2014-8122
SHA-256 | 6fdb35979e83d4bc7783909319fa6956e41ee874378bc2a23ef3be879dee9fb7
Page 1 of 1
Back1Next

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    16 Files
  • 18
    Jun 18th
    26 Files
  • 19
    Jun 19th
    15 Files
  • 20
    Jun 20th
    18 Files
  • 21
    Jun 21st
    8 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    19 Files
  • 25
    Jun 25th
    5 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close