CVE-2014-7839

DocumentProvider in RESTEasy 2.3.7 and 3.0.9 does not configure the (1) external-general-entities or (2) external-parameter-entities features, which allows remote attackers to conduct XML external entity (XXE) attacks via unspecified vectors.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:redhat:resteasy:2.3.7:*:*:*:*:*:*:*
cpe:2.3:a:redhat:resteasy:3.0.9:*:*:*:*:*:*:*

History

No history.

Information

Published : 2014-11-25 15:59

Updated : 2024-02-04 18:35


NVD link : CVE-2014-7839

Mitre link : CVE-2014-7839

CVE.ORG link : CVE-2014-7839


JSON object : View

Products Affected

redhat

  • resteasy
CWE
CWE-20

Improper Input Validation