CVE-2014-3481

{"id": "CVE-2014-3481", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-07-07T14:55:03.973", "references": [{"url": "http://rhn.redhat.com/errata/RHSA-2014-0797.html", "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2014-0798.html", "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2014-0799.html", "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html", "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html", "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html", "source": "secalert@redhat.com"}, {"url": "http://www.securitytracker.com/id/1032017", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1105242", "source": "secalert@redhat.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94939", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat JBoss Enterprise Application Platform (JEAP) before 6.2.4 enables entity expansion, which allows remote attackers to read arbitrary files via unspecified vectors, related to an XML External Entity (XXE) issue."}, {"lang": "es", "value": "org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor en Red Hat JBoss Enterprise Application Platform (JEAP) anterior a 6.2.4 habilita la expansi\u00f3n de entidad, lo que permite a atacantes remotos leer ficheros arbitrarios a trav\u00e9s de vectores no especificados, relacionado con un problema de entidad externa XML (XXE)."}], "lastModified": "2017-08-29T01:34:45.983", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43A9F1F7-0989-4F56-9A42-90D5E5D94933", "versionEndIncluding": "6.2.3"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B142ACCC-F7A9-4A3B-BE60-0D6691D5058D"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F94D102-60EA-4C47-9A39-DAE4704044DD"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF680478-162A-4F7B-B9BA-C407FA3C0EEE"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82B6C055-25E2-4C78-ACA7-D722848BDBC4"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "274B01DE-9D76-4E28-956F-1C0D03473EE6"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D9B1401-1FBD-442A-9055-A270BF1A1244"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}