CVE-2014-3481 Information

Description

org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat JBoss Enterprise Application Platform (JEAP) before 6.2.4 enables entity expansion which allows remote attackers to read arbitrary files via unspecified vectors related to an XML External Entity (XXE) issue.

Reference

http://rhn.redhat.com/errata/RHSA-2014-0797.html http://rhn.redhat.com/errata/RHSA-2014-0798.html http://rhn.redhat.com/errata/RHSA-2014-0799.html http://rhn.redhat.com/errata/RHSA-2015-0675.html http://rhn.redhat.com/errata/RHSA-2015-0720.html http://rhn.redhat.com/errata/RHSA-2015-0765.html http://www.securitytracker.com/id/1032017 https://bugzilla.redhat.com/show_bug.cgi?id=1105242 https://exchange.xforce.ibmcloud.com/vulnerabilities/94939