CVE-2014-3530: Infoleak
First published: Wed Jun 25 2014(Updated: )
It was found that the org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory() method implementation provided a DocumentBuilderFactory that will expand entity references. This could be used by a remote, unauthenticated attacker to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat JBoss Enterprise Application Platform | =5.2.0 | |
| Red Hat JBoss Enterprise Application Platform | =6.2.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://rhn.redhat.com/errata/RHSA-2014-0883.html
- http://rhn.redhat.com/errata/RHSA-2014-0884.html
- http://rhn.redhat.com/errata/RHSA-2014-0885.html
- http://rhn.redhat.com/errata/RHSA-2014-0886.html
- http://rhn.redhat.com/errata/RHSA-2015-0091.html
- http://rhn.redhat.com/errata/RHSA-2015-0675.html
- http://rhn.redhat.com/errata/RHSA-2015-0720.html
- http://rhn.redhat.com/errata/RHSA-2015-0765.html
- http://rhn.redhat.com/errata/RHSA-2015-1888.html
- http://secunia.com/advisories/60047
- http://secunia.com/advisories/60124
- http://www.securitytracker.com/id/1030607
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94700
- https://issues.jboss.org/browse/PLINK-509
- https://rhn.redhat.com/errata/RHSA-2014-0883.html
- https://rhn.redhat.com/errata/RHSA-2014-0885.html
- https://rhn.redhat.com/errata/RHSA-2014-0884.html
- https://rhn.redhat.com/errata/RHSA-2014-0886.html
- https://rhn.redhat.com/errata/RHSA-2014-0898.html
- https://rhn.redhat.com/errata/RHSA-2014-0897.html
- https://github.com/victims/victims-cve-db/blob/master/database/java/2014/3530.yaml
- https://rhn.redhat.com/errata/RHSA-2014-0910.html
- https://rhn.redhat.com/errata/RHSA-2015-0091.html
- https://rhn.redhat.com/errata/RHSA-2015-0235.html
- https://rhn.redhat.com/errata/RHSA-2015-0234.html
- https://rhn.redhat.com/errata/RHSA-2015-0675.html
- https://rhn.redhat.com/errata/RHSA-2015-0720.html
- https://rhn.redhat.com/errata/RHSA-2015-0765.html
- https://rhn.redhat.com/errata/RHSA-2015-1009.html
- https://rhn.redhat.com/errata/RHSA-2015-1888.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1112987
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2014-3530
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/redhat
- canonical/red hat jboss enterprise application platform
- version/red hat jboss enterprise application platform/5.2.0
- version/red hat jboss enterprise application platform/6.2.4