|Category:||Red Hat Local Security Checks|
|Title:||RedHat Update for resteasy-base RHSA-2014:1011-01|
|Summary:||The remote host is missing an update for the 'resteasy-base'; package(s) announced via the referenced advisory.|
The remote host is missing an update for the 'resteasy-base'
package(s) announced via the referenced advisory.
RESTEasy contains a JBoss project that provides frameworks to help build
RESTful Web Services and RESTful Java applications. It is a fully certified
and portable implementation of the JAX-RS specification.
It was found that the fix for CVE-2012-0818 was incomplete: external
parameter entities were not disabled when the
resteasy.document.expand.entity.references parameter was set to false.
A remote attacker able to send XML requests to a RESTEasy endpoint could
use this flaw to read files accessible to the user running the application
server, and potentially perform other more advanced XXE attacks.
This issue was discovered by David Jorm of Red Hat Product Security.
All resteasy-base users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue.
resteasy-base on Red Hat Enterprise Linux Server (v. 7)
Please Install the Updated Packages.
Common Vulnerability Exposure (CVE) ID: CVE-2014-3490|
BugTraq ID: 69058
RedHat Security Advisories: RHSA-2014:1011
RedHat Security Advisories: RHSA-2014:1039
RedHat Security Advisories: RHSA-2014:1040
RedHat Security Advisories: RHSA-2014:1298
RedHat Security Advisories: RHSA-2015:0125
RedHat Security Advisories: RHSA-2015:0675
RedHat Security Advisories: RHSA-2015:0720
RedHat Security Advisories: RHSA-2015:0765
Common Vulnerability Exposure (CVE) ID: CVE-2012-0818
BugTraq ID: 51748
BugTraq ID: 51766
RedHat Security Advisories: RHSA-2012:0441
RedHat Security Advisories: RHSA-2012:0519
RedHat Security Advisories: RHSA-2012:1056
RedHat Security Advisories: RHSA-2012:1057
RedHat Security Advisories: RHSA-2012:1058
RedHat Security Advisories: RHSA-2012:1059
RedHat Security Advisories: RHSA-2012:1125
RedHat Security Advisories: RHSA-2014:0371
RedHat Security Advisories: RHSA-2014:0372
XForce ISS Database: resteasy-xml-info-disclosure(72808)
|Copyright||Copyright (C) 2014 Greenbone Networks GmbH|
|This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.