What is the severity of RHSA-2014:0294?

The severity of RHSA-2014:0294 is classified as Important.

How do I fix RHSA-2014:0294?

To fix RHSA-2014:0294, apply the appropriate update or patch to your affected Red Hat JBoss Data Virtualization software.

What products are affected by RHSA-2014:0294?

RHSA-2014:0294 affects Red Hat JBoss Data Virtualization.

Can RHSA-2014:0294 be exploited by an attacker?

Yes, a remote attacker can exploit RHSA-2014:0294 by supplying malicious XML to XStream.

What are the consequences of not addressing RHSA-2014:0294?

Failure to address RHSA-2014:0294 may lead to the remote execution of arbitrary code on affected systems.

Vulnerability/
RHSA-2014:0294

13/3/2014

RHSA-2014:0294: Important: XStream security update

First published: Thu Mar 13 2014(Updated: )

XStream is a simple library to serialize and de-serialize objects to and from XML. It was found that XStream could deserialize arbitrary user-supplied XML content, representing objects of any type. A remote attacker able to pass XML to XStream could use this flaw to perform a variety of attacks, including remote code execution in the context of the server running the XStream application. (CVE-2013-7285) The main distribution of Red Hat JBoss Data Virtualization 6.0.0 does not contain the vulnerable XStream library and is not vulnerable to CVE-2013-7285. Only users of Red Hat JBoss Data Virtualization 6.0.0 who installed an optional S-RAMP distribution as provided from the Red Hat Customer Portal are advised to apply this update.

Affected Software	Affected Version	How to fix
Red Hat JBoss Data Virtualization

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of RHSA-2014:0294?
The severity of RHSA-2014:0294 is classified as Important.
How do I fix RHSA-2014:0294?
To fix RHSA-2014:0294, apply the appropriate update or patch to your affected Red Hat JBoss Data Virtualization software.
What products are affected by RHSA-2014:0294?
RHSA-2014:0294 affects Red Hat JBoss Data Virtualization.
Can RHSA-2014:0294 be exploited by an attacker?
Yes, a remote attacker can exploit RHSA-2014:0294 by supplying malicious XML to XStream.
What are the consequences of not addressing RHSA-2014:0294?
Failure to address RHSA-2014:0294 may lead to the remote execution of arbitrary code on affected systems.

collector/redhat-errata
anchor-id/RHSA-2014:0294
agent/severity
agent/references
agent/type
agent/event
agent/last-modified-date
agent/first-publish-date
agent/remedy
agent/title
agent/softwarecombine
agent/tags
agent/description
agent/guess-ai
agent/software-canonical-lookup

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.