CVSS: 7.5EPSS: 4%CPEs: 10EXPL: 0CVE-2014-3490 – RESTEasy: XXE via parameter entities
https://notcve.org/view.php?id=CVE-2014-3490
07 Aug 2014 — RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform (EAP) 6.3.0, does not disable external entities when the resteasy.document.expand.entity.references parameter is set to false, which allows remote attackers to read arbitrary files and have other unspecified impact via unspecified vectors, related to an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0818. RESTEasy 2.3.1 anterior a 2.3.8.SP... • http://rhn.redhat.com/errata/RHSA-2014-1011.html • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.3EPSS: 0%CPEs: 14EXPL: 0CVE-2011-5245 – RESTEasy: XML eXternal Entity (XXE) flaw
https://notcve.org/view.php?id=CVE-2011-5245
23 Nov 2012 — The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding (JAXB) input, aka an XML external entity (XXE) injection attack, a similar vulnerability to CVE-2012-0818. La función ReadFrom en providers.jaxb.JAXBXmlTypeProvider en RESTEasy anterior a v2.3.2 permite a atacantes remotos leer archivos de su elección a través de una referencia de entidad externa en una en... • http://rhn.redhat.com/errata/RHSA-2012-0441.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.3EPSS: 1%CPEs: 13EXPL: 0CVE-2012-0818 – RESTEasy: XML eXternal Entity (XXE) flaw
https://notcve.org/view.php?id=CVE-2012-0818
23 Nov 2012 — RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity (XXE) injection attack. RESTEasy anterior a v2.3.1 permite a atacantes remotos leer archivos de su elección a través de una referencia de entidad externa en un documento DOM, también conocido como un ataque de inyección XML de entidad externa (XXE) Red Hat JBoss BPM Suite is a business rules management system for the management, storage, creation, modification,... • http://rhn.redhat.com/errata/RHSA-2012-0441.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-611: Improper Restriction of XML External Entity Reference •