Description

org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat JBoss Enterprise Application Platform (JEAP) before 6.2.4 enables entity expansion, which allows remote attackers to read arbitrary files via unspecified vectors, related to an XML External Entity (XXE) issue.

Remediation

References

CVE-2014-3481

Related Vulnerabilities

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-1570)

WordPress Plugin Event Registration 'event_id' Parameter SQL Injection (5.32)

Atlassian Jira URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-13401)

WordPress Plugin Monarch Social Sharing Security Bypass (1.2.6)

ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3835)

Severity

Medium

Classification

CVE-2014-3481 CWE-200

Tags

Missing Update Known Vulnerabilities