Vulnerability Details : CVE-2014-3481
org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat JBoss Enterprise Application Platform (JEAP) before 6.2.4 enables entity expansion, which allows remote attackers to read arbitrary files via unspecified vectors, related to an XML External Entity (XXE) issue.
Vulnerability category: XML external entity (XXE) injection, Information leak
Products affected by CVE-2014-3481
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.2.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-3481
- 0.27%: Probability of exploitation activity in the next 30 days
- ~ 67%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-3481
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2014-3481
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-3481
- https://bugzilla.redhat.com/show_bug.cgi?id=1105242
  1105242 – (CVE-2014-3481) CVE-2014-3481 JBoss AS JAX-RS: Information disclosure via XML eXternal Entity (XXE)
- http://rhn.redhat.com/errata/RHSA-2014-0797.html
  Red Hat Customer Portal
- http://rhn.redhat.com/errata/RHSA-2014-0798.html
  RHSA-2014:0798 - Security Advisory - Red Hat Customer Portal
- http://rhn.redhat.com/errata/RHSA-2014-0799.html
  RHSA-2014:0799 - Security Advisory - Red Hat Customer Portal
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94939
  Red Hat JBoss Enterprise Application Platform (JEAP) XML External Entity (XXE) information disclosure CVE-2014-3481 Vulnerability Report
- http://www.securitytracker.com/id/1032017
  Red Hat JBoss XML External Entity Expansion Flaw Lets Remote Users Obtain Potentially Sensitive Information - SecurityTracker
- http://rhn.redhat.com/errata/RHSA-2015-0720.html
  RHSA-2015:0720 - Security Advisory - Red Hat Customer Portal
- http://rhn.redhat.com/errata/RHSA-2015-0765.html
  RHSA-2015:0765 - Security Advisory - Red Hat Customer Portal
- http://rhn.redhat.com/errata/RHSA-2015-0675.html
  RHSA-2015:0675 - Security Advisory - Red Hat Customer Portal