VDB

GCVE-VVD-MAGEIA-2014-547

GCVE-VVD-MAGEIA-2014-547
Advisory Published
Vulnetix · Advisory published December 26, 2014
Updated resteasy packages fixes security vulnerability: It was found that the fix for CVE-2012-0818 was incomplete: external parameter entities were not disabled when the resteasy.document.expand.entity.references parameter was set to false. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks (CVE-2014-3490).
Download JSON Open in Console

Affected Products

VendorProductVersionsPlatforms
Mageiaresteasy0 (affected), 3.0.1-3.1.mga4 (unaffected)

References

Updated resteasy package fix CVE-2014-3490
advisory
Updated resteasy package fix CVE-2014-3490
issue
Updated resteasy package fix CVE-2014-3490
issue

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›