CVE-2014-7839
RESTEasy 2.3.7 and 3.0.9 - XML External Entity Injection in DocumentProvider
Title source: llmDescription
DocumentProvider in RESTEasy 2.3.7 and 3.0.9 does not configure the (1) external-general-entities or (2) external-parameter-entities features, which allows remote attackers to conduct XML external entity (XXE) attacks via unspecified vectors.
References (6)
Core 6
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-0675.html
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-0773.html
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-0850.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/62580
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-0851.html
Vendor Advisory x_refsource_misc
https://issues.jboss.org/browse/RESTEASY-1130
Scores
EPSS
0.0196
EPSS Percentile
77.9%
Details
CWE
CWE-20
Status
published
Products (3)
org.jboss.resteasy/resteasy-jaxrs
0 - 3.0.11.FinalMaven
redhat/resteasy
2.3.7
redhat/resteasy
3.0.9
Published
Nov 25, 2014
Tracked Since
Feb 18, 2026