
Test ID: 1.3.6.1.4.1.25623.1.0.871217
Category: Red Hat Local Security Checks
Title: RedHat Update for resteasy-base RHSA-2014:1011-01
Summary: The remote host is missing an update for the 'resteasy-base' package(s) announced via the referenced advisory.
Description:

Vulnerability Insight:
RESTEasy contains a JBoss project that provides frameworks to help build
RESTful Web Services and RESTful Java applications. It is a fully certified
and portable implementation of the JAX-RS specification.

It was found that the fix for CVE-2012-0818 was incomplete: external
parameter entities were not disabled when the
resteasy.document.expand.entity.references parameter was set to false.
A remote attacker able to send XML requests to a RESTEasy endpoint could
use this flaw to read files accessible to the user running the application
server, and potentially perform other more advanced XXE attacks.
(CVE-2014-3490)

This issue was discovered by David Jorm of Red Hat Product Security.

All resteasy-base users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue.

Affected Software/OS:
resteasy-base on Red Hat Enterprise Linux Server (v. 7)

Solution:
Please install the updated packages.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2014-3490
BugTraq ID: 69058
http://www.securityfocus.com/bid/69058
https://github.com/ronsigal/Resteasy/commit/9b7d0f574cafdcf3bea5428f3145ab4908fc6d83
RedHat Security Advisories: RHSA-2014:1011
http://rhn.redhat.com/errata/RHSA-2014-1011.html
RedHat Security Advisories: RHSA-2014:1039
http://rhn.redhat.com/errata/RHSA-2014-1039.html
RedHat Security Advisories: RHSA-2014:1040
http://rhn.redhat.com/errata/RHSA-2014-1040.html
RedHat Security Advisories: RHSA-2014:1298
http://rhn.redhat.com/errata/RHSA-2014-1298.html
RedHat Security Advisories: RHSA-2015:0125
http://rhn.redhat.com/errata/RHSA-2015-0125.html
RedHat Security Advisories: RHSA-2015:0675
http://rhn.redhat.com/errata/RHSA-2015-0675.html
RedHat Security Advisories: RHSA-2015:0720
http://rhn.redhat.com/errata/RHSA-2015-0720.html
RedHat Security Advisories: RHSA-2015:0765
http://rhn.redhat.com/errata/RHSA-2015-0765.html
http://secunia.com/advisories/60019
Common Vulnerability Exposure (CVE) ID: CVE-2012-0818
BugTraq ID: 51748
http://www.securityfocus.com/bid/51748
BugTraq ID: 51766
http://www.securityfocus.com/bid/51766
https://bugzilla.redhat.com/show_bug.cgi?id=785631
http://www.osvdb.org/78679
RedHat Security Advisories: RHSA-2012:0441
http://rhn.redhat.com/errata/RHSA-2012-0441.html
RedHat Security Advisories: RHSA-2012:0519
http://rhn.redhat.com/errata/RHSA-2012-0519.html
RedHat Security Advisories: RHSA-2012:1056
http://rhn.redhat.com/errata/RHSA-2012-1056.html
RedHat Security Advisories: RHSA-2012:1057
http://rhn.redhat.com/errata/RHSA-2012-1057.html
RedHat Security Advisories: RHSA-2012:1058
http://rhn.redhat.com/errata/RHSA-2012-1058.html
RedHat Security Advisories: RHSA-2012:1059
http://rhn.redhat.com/errata/RHSA-2012-1059.html
RedHat Security Advisories: RHSA-2012:1125
http://rhn.redhat.com/errata/RHSA-2012-1125.html
RedHat Security Advisories: RHSA-2014:0371
http://rhn.redhat.com/errata/RHSA-2014-0371.html
RedHat Security Advisories: RHSA-2014:0372
http://rhn.redhat.com/errata/RHSA-2014-0372.html
http://secunia.com/advisories/47818
http://secunia.com/advisories/47832
http://secunia.com/advisories/48697
http://secunia.com/advisories/48954
http://secunia.com/advisories/50084
http://secunia.com/advisories/57716
http://secunia.com/advisories/57719
XForce ISS Database: resteasy-xml-info-disclosure(72808)
https://exchange.xforce.ibmcloud.com/vulnerabilities/72808
Copyright: Copyright (C) 2014 Greenbone Networks GmbH
