Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistRedhatCVELIST:CVE-2014-3490
HistoryAug 19, 2014 - 6:00 p.m.

CVE-2014-3490

2014-08-1918:00:00
redhat
www.cve.org
6

AI Score

9.5

Confidence

High

EPSS

0.009

Percentile

83.1%

JSON

RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform (EAP) 6.3.0, does not disable external entities when the resteasy.document.expand.entity.references parameter is set to false, which allows remote attackers to read arbitrary files and have other unspecified impact via unspecified vectors, related to an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0818.

Related

redhat 17
nessus 9
centos 1
mageia 1
nvd 3
cve 3
openvas 5
github 3
osv 3
prion 3
veracode 2
cvelist 2
oraclelinux 1
ibm 2
checkpoint_advisories 1
fedora 1
oracle 1
redhat
redhat
(RHSA-2014:1040) Moderate: Red Hat JBoss Enterprise Application Platform 6.3.0 security update
2014-08-11 00:00:00
(RHSA-2014:1011) Moderate: resteasy-base security update
2014-08-06 00:00:00
(RHSA-2014:1298) Moderate: Red Hat JBoss Data Grid 6.3.1 update
2014-09-24 16:49:09
nessus
nessus
RHEL 7 : resteasy-base (RHSA-2014:1011)
2014-08-06 00:00:00
RHEL 5 / 6 / 7 : JBoss EAP (RHSA-2014:1040)
2014-08-13 00:00:00
Oracle Linux 7 : resteasy-base (ELSA-2014-1011)
2014-08-06 00:00:00
centos
centos
resteasy security update
2014-08-06 14:38:38
mageia
mageia
Updated resteasy package fix CVE-2014-3490
2014-12-26 20:04:58
nvd
nvd
CVE-2014-3490
2014-08-19 18:55:02
CVE-2012-0818
2012-11-23 20:55:02
CVE-2011-5245
2012-11-23 20:55:02
cve
cve
CVE-2014-3490
2014-08-19 18:55:02
CVE-2012-0818
2012-11-23 20:55:02
CVE-2011-5245
2012-11-23 20:55:02
openvas
openvas
Mageia: Security Advisory (MGASA-2014-0547)
2022-01-28 00:00:00
RedHat Update for resteasy-base RHSA-2014:1011-01
2014-08-06 00:00:00
CentOS Update for resteasy-base CESA-2014:1011 centos7
2014-09-10 00:00:00
github
github
Incorrect Privilege Assignment in RESTEasy
2022-05-14 01:18:38
Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy
2022-05-17 01:49:58
Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy
2022-05-17 01:50:09
osv
osv
Incorrect Privilege Assignment in RESTEasy
2022-05-14 01:18:38
Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy
2022-05-17 01:49:58
Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy
2022-05-17 01:50:09
prion
prion
Xxe
2014-08-19 18:55:00
Xxe
2012-11-23 20:55:00
Xxe
2012-11-23 20:55:00
veracode
veracode
Arbitrary File Access With External Entities
2019-01-15 08:58:57
XML External Entity (XXE) To Read Files
2019-01-15 08:54:05
cvelist
cvelist
CVE-2012-0818
2012-11-23 20:00:00
CVE-2011-5245
2012-11-23 20:00:00
oraclelinux
oraclelinux
resteasy-base security update
2014-08-05 00:00:00
ibm
ibm
Security Bulletin: JBoss RestEasy vulnerabilities in IBM Emptoris Contract Management (CVE-2014-3490)
2018-06-16 19:40:59
Security Bulletins for Emptoris Contract Management
2018-12-08 16:15:01
checkpoint_advisories
checkpoint_advisories
Red Hat JBoss RESTEasy PARAMETER ENTITY XXE Information Disclosure (CVE-2014-3490)
2014-10-13 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: resteasy-3.0.6-3.fc20
2015-04-24 22:47:08
oracle
oracle
Oracle Critical Patch Update - October 2018
2018-12-18 00:00:00

AI Score

9.5

Confidence

High

EPSS

0.009

Percentile

83.1%

JSON
Related for CVELIST:CVE-2014-3490
redhat17nessus9centos1mageia1nvd3cve3openvas5github3osv3prion3veracode2cvelist2oraclelinux1ibm2checkpoint_advisories1fedora1oracle1