RESTEasy Incomplete Fix XML Entity References Information Disclosure Vulnerability

Bugtraq ID: 69058
Class: Design Error
CVE: CVE-2014-3490
Remote: Yes
Local: No
Published: Jul 23 2014 12:00AM
Updated: Oct 17 2018 07:00AM
Credit: David Jorm
Vulnerable: RESTEasy RESTEasy 2.3
RESTEasy RESTEasy 2.3.2
RESTEasy RESTEasy 2.3.1
Redhat JBoss Enterprise Application Platform 6.3
Redhat JBoss Enterprise Application Platform 6 EL6
Redhat JBoss Enterprise Application Platform 6 EL5
Redhat JBoss Data Grid 6.3
Redhat Enterprise Linux 7
Oracle Enterprise Linux 7
Oracle Communications Performance Intelligence Center (PIC) Software 10.1.5.1
IBM Emptoris Contract Management 10.0.2 2
IBM Emptoris Contract Management 10.0.2 0
IBM Emptoris Contract Management 10.0.2.1
Not Vulnerable: RESTEasy RESTEasy 3.0.9
Redhat JBoss Data Grid 6.3.1
Oracle Communications Performance Intelligence Center (PIC) Software 10.2


 
