MGASA-2014-0547

Source
https://advisories.mageia.org/MGASA-2014-0547.html
Import Source
https://advisories.mageia.org/MGASA-2014-0547.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2014-0547
Upstream
  • CVE-2014-3490
Published
2014-12-26T17:04:58Z
Modified
2026-04-16T06:24:03.455726364Z
Summary
Updated resteasy packages fix CVE-2014-3490
Details

Updated resteasy packages fix a security vulnerability:

It was found that the fix for CVE-2012-0818 was incomplete: external parameter entities were not disabled when the resteasy.document.expand.entity.references parameter was set to false. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks (CVE-2014-3490).

Affected packages

Mageia:4 / resteasy

Package

Name
resteasy
Purl
pkg:rpm/mageia/resteasy?arch=source&distro=mageia-4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.0.1-3.1.mga4

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2014-0547.json"