Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-0171

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2014-0171
Last Modified 15 Jan 2015 07:29:33
Published 15 Jan 2015 10:59:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-0171

Summary

XML external entity (XXE) vulnerability in StaxXMLFactoryProvider2 in Odata4j, as used in Red Hat JBoss Data Virtualization before 6.0.0 patch 4, allows remote attackers to read arbitrary files via a crafted request to a REST endpoint.

Vulnerable Systems

Application

  • Redhat Jboss Data Virtualization 6.0.0


References

CONFIRM - https://issues.jboss.org/browse/TEIID-2911

REDHAT - RHSA-2015:0034


Last Updated: 27 May 2016 10:36:58