Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:11238
HistoryJan 15, 2019 - 8:58 a.m.

Arbitrary File Access With External Entities

2019-01-1508:58:57
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8

0.009 Low

EPSS

Percentile

83.1%

JSON

RESTEasy is vulnerable to arbitrary file access. When resteasy.document.expand.entity.references parameter is set to false, it sets external entities to disable. This vulnerability is possible due to an incomplete fix for CVE-2012-0818.

Related

cve 3
mageia 1
cvelist 3
nvd 3
openvas 5
prion 3
nessus 9
redhat 17
osv 3
github 3
centos 1
oraclelinux 1
veracode 1
ibm 2
fedora 1
checkpoint_advisories 1
oracle 1
cve
cve
CVE-2014-3490
2014-08-19 18:55:02
CVE-2012-0818
2012-11-23 20:55:02
CVE-2011-5245
2012-11-23 20:55:02
mageia
mageia
Updated resteasy package fix CVE-2014-3490
2014-12-26 20:04:58
cvelist
cvelist
CVE-2014-3490
2014-08-19 18:00:00
CVE-2012-0818
2012-11-23 20:00:00
CVE-2011-5245
2012-11-23 20:00:00
nvd
nvd
CVE-2014-3490
2014-08-19 18:55:02
CVE-2012-0818
2012-11-23 20:55:02
CVE-2011-5245
2012-11-23 20:55:02
openvas
openvas
CentOS Update for resteasy-base CESA-2014:1011 centos7
2014-09-10 00:00:00
Mageia: Security Advisory (MGASA-2014-0547)
2022-01-28 00:00:00
RedHat Update for resteasy-base RHSA-2014:1011-01
2014-08-06 00:00:00
prion
prion
Xxe
2014-08-19 18:55:00
Xxe
2012-11-23 20:55:00
Xxe
2012-11-23 20:55:00
nessus
nessus
CentOS 7 : resteasy-base (CESA-2014:1011)
2014-08-07 00:00:00
Oracle Linux 7 : resteasy-base (ELSA-2014-1011)
2014-08-06 00:00:00
RHEL 5 / 6 / 7 : JBoss EAP (RHSA-2014:1040)
2014-08-13 00:00:00
redhat
redhat
(RHSA-2014:1011) Moderate: resteasy-base security update
2014-08-06 00:00:00
(RHSA-2014:1040) Moderate: Red Hat JBoss Enterprise Application Platform 6.3.0 security update
2014-08-11 00:00:00
(RHSA-2013:1263) Moderate: Red Hat Storage Console 2.1 security update
2013-09-16 00:00:00
osv
osv
Incorrect Privilege Assignment in RESTEasy
2022-05-14 01:18:38
Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy
2022-05-17 01:49:58
Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy
2022-05-17 01:50:09
github
github
Incorrect Privilege Assignment in RESTEasy
2022-05-14 01:18:38
Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy
2022-05-17 01:49:58
Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy
2022-05-17 01:50:09
centos
centos
resteasy security update
2014-08-06 14:38:38
oraclelinux
oraclelinux
resteasy-base security update
2014-08-05 00:00:00
veracode
veracode
XML External Entity (XXE) To Read Files
2019-01-15 08:54:05
ibm
ibm
Security Bulletin: JBoss RestEasy vulnerabilities in IBM Emptoris Contract Management (CVE-2014-3490)
2018-06-16 19:40:59
Security Bulletins for Emptoris Contract Management
2018-12-08 16:15:01
fedora
fedora
[SECURITY] Fedora 20 Update: resteasy-3.0.6-3.fc20
2015-04-24 22:47:08
checkpoint_advisories
checkpoint_advisories
Red Hat JBoss RESTEasy PARAMETER ENTITY XXE Information Disclosure (CVE-2014-3490)
2014-10-13 00:00:00
oracle
oracle
Oracle Critical Patch Update - October 2018
2018-12-18 00:00:00

0.009 Low

EPSS

Percentile

83.1%

JSON
Related for VERACODE:11238
cve3mageia1cvelist3nvd3openvas5prion3nessus9redhat17osv3github3centos1oraclelinux1veracode1ibm2fedora1checkpoint_advisories1oracle1