Home

CVE-2014-3481

Description

org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat JBoss Enterprise Application Platform (JEAP) before 6.2.4 enables entity expansion, which allows remote attackers to read arbitrary files via unspecified vectors, related to an XML External Entity (XXE) issue.

Risk Information

Base Score
5.3
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score
Exploitation Probability
1.093

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 6.0.0Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 6.0.1Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 6.1.0Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 6.2.2Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 6.2.0Windows
Vulnerabilities CVE-2014-3481,CVE-2014-7849 are affected in Red Hat JBoss Enterprise Application Platform 7 6.2.1Windows
Vulnerabilities CVE-2014-3481,CVE-2014-7849 are affected in Red Hat JBoss Enterprise Application Platform 7 6.2.3Windows

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234