ID CVE-2014-0171
Summary XML external entity (XXE) vulnerability in StaxXMLFactoryProvider2 in Odata4j, as used in Red Hat JBoss Data Virtualization before 6.0.0 patch 4, allows remote attackers to read arbitrary files via a crafted request to a REST endpoint. CWE-611: Improper Restriction of XML External Entity Reference ('XXE')
References
Vulnerable Configurations
  • cpe:2.3:a:redhat:jboss_data_virtualization:6.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jboss_data_virtualization:6.0.0:-:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jboss_data_virtualization:6.0.0:beta:*:*:*:*:*:*
  • cpe:2.3:a:odata4j_project:odata4j:-:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 26-03-2020 - 19:33)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: NONE
  Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
redhat via4
advisories
rhsa
id RHSA-2015:0034
refmap via4
confirm https://issues.jboss.org/browse/TEIID-2911
Last major update 26-03-2020 - 19:33
Published 15-01-2015 - 15:59
Last modified 26-03-2020 - 19:33