RHSA-2014:0886
PUBLISHED
CVSS 7.5 HIGH
It was found that the implementation of the org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory() method provided a DocumentBuilderFactory that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.
Risk Scores
CVSS 2.0
7.5
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat JBoss Enterprise Application Platform 5.2 | |
Timeline
- Jul 16, 2014 CVE Published
- Jan 28, 2026 CVE Updated
- Apr 29, 2026 Distribution Patch
- Apr 29, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2014:0886 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=appplatform&version=5.2.0 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1112987 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0886.json advisory
- https://access.redhat.com/security/cve/CVE-2014-3530 advisory
- https://www.cve.org/CVERecord?id=CVE-2014-3530 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2014-3530 advisory