oval:org.mitre.oval:def:26424
Definition Id: oval:org.mitre.oval:def:26424
Oval ID: | oval:org.mitre.oval:def:26424 |
Title: | RHSA-2014:1011: resteasy-base security update (Moderate) |
Description: | RESTEasy contains a JBoss project that provides frameworks to help build RESTful Web Services and RESTful Java applications. It is a fully certified and portable implementation of the JAX-RS specification. It was found that the fix for CVE-2012-0818 was incomplete: external parameter entities were not disabled when the resteasy.document.expand.entity.references parameter was set to false. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks. (CVE-2014-3490) This issue was discovered by David Jorm of Red Hat Product Security. All resteasy-base users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. |
Family: | unix | Class: | patch |
Reference(s): | RHSA-2014:1011-00, CESA-2014:1011, CVE-2014-3490 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 7, CentOS Linux 7 | Product(s): | resteasy-base |
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24953
Oval ID: | oval:org.mitre.oval:def:24953 |
Title: | The operating system installed on the system is Red Hat Enterprise Linux 7 |
Description: | The operating system installed on the system is Red Hat Enterprise Linux 7. |
Family: | unix | Class: | inventory |
Reference(s): | cpe:/o:redhat:enterprise_linux:7 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 7 | Product(s): | |
Definition Synopsis:
Referenced By: | oval:org.mitre.oval:def:26424 |
Definition Id: oval:org.mitre.oval:def:24773
Oval ID: | oval:org.mitre.oval:def:24773 |
Title: | The operating system installed on the system is CentOS Linux 7.x |
Description: | The operating system installed on the system is CentOS Linux 7.x |
Family: | unix | Class: | inventory |
Reference(s): | cpe:/o:centos:centos:7 | Version: | 3 |
Platform(s): | CentOS Linux 7 | Product(s): | |
Definition Synopsis:
Referenced By: | oval:org.mitre.oval:def:26424 |