Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveRedhatCVE-2014-3490
HistoryAug 19, 2014 - 6:55 p.m.

CVE-2014-3490

2014-08-1918:55:02
redhat
web.nvd.nist.gov
85
resteasy
xxe
vulnerability
cve-2014-3490
security
nvd
red hat jboss eap

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

9.4

Confidence

High

EPSS

0.009

Percentile

83.1%

JSON

RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform (EAP) 6.3.0, does not disable external entities when the resteasy.document.expand.entity.references parameter is set to false, which allows remote attackers to read arbitrary files and have other unspecified impact via unspecified vectors, related to an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0818.

Affected configurations

Nvd
Node
redhatjboss_enterprise_application_platformMatch6.3.0
OR
redhatresteasyRange2.3.12.3.7.2
OR
redhatresteasyRange3.0.03.0.9
OR
redhatresteasyMatch3.0beta1
OR
redhatresteasyMatch3.0beta2
OR
redhatresteasyMatch3.0beta3
OR
redhatresteasyMatch3.0beta4
OR
redhatresteasyMatch3.0beta5
OR
redhatresteasyMatch3.0beta6
OR
redhatresteasyMatch3.0rc1
VendorProductVersionCPE
redhatjboss_enterprise_application_platform6.3.0cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.3.0:*:*:*:*:*:*:*
redhatresteasy*cpe:2.3:a:redhat:resteasy:*:*:*:*:*:*:*:*
redhatresteasy3.0cpe:2.3:a:redhat:resteasy:3.0:beta1:*:*:*:*:*:*
redhatresteasy3.0cpe:2.3:a:redhat:resteasy:3.0:beta2:*:*:*:*:*:*
redhatresteasy3.0cpe:2.3:a:redhat:resteasy:3.0:beta3:*:*:*:*:*:*
redhatresteasy3.0cpe:2.3:a:redhat:resteasy:3.0:beta4:*:*:*:*:*:*
redhatresteasy3.0cpe:2.3:a:redhat:resteasy:3.0:beta5:*:*:*:*:*:*
redhatresteasy3.0cpe:2.3:a:redhat:resteasy:3.0:beta6:*:*:*:*:*:*
redhatresteasy3.0cpe:2.3:a:redhat:resteasy:3.0:rc1:*:*:*:*:*:*

Related

mageia 1
cvelist 3
nvd 3
redhat 17
nessus 9
centos 1
osv 3
openvas 5
github 3
prion 3
veracode 2
oraclelinux 1
checkpoint_advisories 1
fedora 1
ibm 2
cve 2
oracle 1
mageia
mageia
Updated resteasy package fix CVE-2014-3490
2014-12-26 20:04:58
cvelist
cvelist
CVE-2014-3490
2014-08-19 18:00:00
CVE-2012-0818
2012-11-23 20:00:00
CVE-2011-5245
2012-11-23 20:00:00
nvd
nvd
CVE-2014-3490
2014-08-19 18:55:02
CVE-2012-0818
2012-11-23 20:55:02
CVE-2011-5245
2012-11-23 20:55:02
redhat
redhat
(RHSA-2014:1040) Moderate: Red Hat JBoss Enterprise Application Platform 6.3.0 security update
2014-08-11 00:00:00
(RHSA-2014:1011) Moderate: resteasy-base security update
2014-08-06 00:00:00
(RHSA-2014:1298) Moderate: Red Hat JBoss Data Grid 6.3.1 update
2014-09-24 16:49:09
nessus
nessus
RHEL 7 : resteasy-base (RHSA-2014:1011)
2014-08-06 00:00:00
Oracle Linux 7 : resteasy-base (ELSA-2014-1011)
2014-08-06 00:00:00
RHEL 5 / 6 / 7 : JBoss EAP (RHSA-2014:1040)
2014-08-13 00:00:00
centos
centos
resteasy security update
2014-08-06 14:38:38
osv
osv
Incorrect Privilege Assignment in RESTEasy
2022-05-14 01:18:38
Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy
2022-05-17 01:49:58
Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy
2022-05-17 01:50:09
openvas
openvas
Mageia: Security Advisory (MGASA-2014-0547)
2022-01-28 00:00:00
RedHat Update for resteasy-base RHSA-2014:1011-01
2014-08-06 00:00:00
CentOS Update for resteasy-base CESA-2014:1011 centos7
2014-09-10 00:00:00
github
github
Incorrect Privilege Assignment in RESTEasy
2022-05-14 01:18:38
Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy
2022-05-17 01:49:58
Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy
2022-05-17 01:50:09
prion
prion
Xxe
2014-08-19 18:55:00
Xxe
2012-11-23 20:55:00
Xxe
2012-11-23 20:55:00
veracode
veracode
Arbitrary File Access With External Entities
2019-01-15 08:58:57
XML External Entity (XXE) To Read Files
2019-01-15 08:54:05
oraclelinux
oraclelinux
resteasy-base security update
2014-08-05 00:00:00
checkpoint_advisories
checkpoint_advisories
Red Hat JBoss RESTEasy PARAMETER ENTITY XXE Information Disclosure (CVE-2014-3490)
2014-10-13 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: resteasy-3.0.6-3.fc20
2015-04-24 22:47:08
ibm
ibm
Security Bulletin: JBoss RestEasy vulnerabilities in IBM Emptoris Contract Management (CVE-2014-3490)
2018-06-16 19:40:59
Security Bulletins for Emptoris Contract Management
2018-12-08 16:15:01
cve
cve
CVE-2012-0818
2012-11-23 20:55:02
CVE-2011-5245
2012-11-23 20:55:02
oracle
oracle
Oracle Critical Patch Update - October 2018
2018-12-18 00:00:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

9.4

Confidence

High

EPSS

0.009

Percentile

83.1%

JSON
Related for CVE-2014-3490
mageia1cvelist3nvd3redhat17nessus9centos1osv3openvas5github3prion3veracode2oraclelinux1checkpoint_advisories1fedora1ibm2cve2oracle1