oval:org.mitre.oval:def:26424

Definition Id: oval:org.mitre.oval:def:26424

Oval ID:	oval:org.mitre.oval:def:26424
Title:	RHSA-2014:1011: resteasy-base security update (Moderate)
Description:	RESTEasy contains a JBoss project that provides frameworks to help build RESTful Web Services and RESTful Java applications. It is a fully certified and portable implementation of the JAX-RS specification. It was found that the fix for CVE-2012-0818 was incomplete: external parameter entities were not disabled when the resteasy.document.expand.entity.references parameter was set to false. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks. (CVE-2014-3490) This issue was discovered by David Jorm of Red Hat Product Security. All resteasy-base users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:1011-00 CESA-2014:1011 CVE-2014-3490	Version:	3
Platform(s):	Red Hat Enterprise Linux 7 CentOS Linux 7	Product(s):	resteasy-base
Definition Synopsis:
Redhat 7 or Centos 7 release The operating system installed on the system is Red Hat Enterprise Linux 7 AND The operating system installed on the system is CentOS Linux 7.x Packages section resteasy-base is earlier than 0:2.3.5-3.el7_0 AND resteasy-base-atom-provider is earlier than 0:2.3.5-3.el7_0 AND resteasy-base-jackson-provider is earlier than 0:2.3.5-3.el7_0 AND resteasy-base-javadoc is earlier than 0:2.3.5-3.el7_0 AND resteasy-base-jaxb-provider is earlier than 0:2.3.5-3.el7_0 AND resteasy-base-jaxrs is earlier than 0:2.3.5-3.el7_0 AND resteasy-base-jaxrs-all is earlier than 0:2.3.5-3.el7_0 AND resteasy-base-jaxrs-api is earlier than 0:2.3.5-3.el7_0 AND resteasy-base-jettison-provider is earlier than 0:2.3.5-3.el7_0 AND resteasy-base-providers-pom is earlier than 0:2.3.5-3.el7_0 AND resteasy-base-tjws is earlier than 0:2.3.5-3.el7_0

Definition Id: oval:org.mitre.oval:def:24953

Oval ID:	oval:org.mitre.oval:def:24953
Title:	The operating system installed on the system is Red Hat Enterprise Linux 7
Description:	The operating system installed on the system is Red Hat Enterprise Linux 7.
Family:	unix	Class:	inventory
Reference(s):	cpe:/o:redhat:enterprise_linux:7	Version:	3
Platform(s):	Red Hat Enterprise Linux 7	Product(s):
Definition Synopsis:
Red Hat Enterprise 7 is installed AND NOT Oracle Linux 7.x is installed
Referenced By:
oval:org.mitre.oval:def:26424

Definition Id: oval:org.mitre.oval:def:24773

Oval ID:	oval:org.mitre.oval:def:24773
Title:	The operating system installed on the system is CentOS Linux 7.x
Description:	The operating system installed on the system is CentOS Linux 7.x
Family:	unix	Class:	inventory
Reference(s):	cpe:/o:centos:centos:7	Version:	3
Platform(s):	CentOS Linux 7	Product(s):
Definition Synopsis:
the installed operating system is part of the Unix family AND CentOS Linux 7.x is installed
Referenced By:
oval:org.mitre.oval:def:26424

Copyright Security-Database 2006-2024 - Powered by themself ;) in 0.0255s

Facebook rss twitter linkedin mail