Oval Definition:oval:org.opensuse.security:def:20143490
Revision Date:2022-09-02Version:1
Title:CVE-2014-3490
Description:

RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform (EAP) 6.3.0, does not disable external entities when the resteasy.document.expand.entity.references parameter is set to false, which allows remote attackers to read arbitrary files and have other unspecified impact via unspecified vectors, related to an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0818.
Family:unixClass:vulnerability
Status:Reference(s):Mitre CVE-2014-3490
SUSE CVE-2014-3490
Platform(s):SUSE Linux Enterprise High Performance Computing 12 SP5
SUSE Linux Enterprise High Performance Computing 15 SP2
SUSE Linux Enterprise Module for Legacy 15 SP2
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server 15 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE Linux Enterprise Server for SAP Applications 12 SP5
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Storage 7
SUSE Manager Proxy 4.1
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
Product(s):
Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise High Performance Computing 12 SP5 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 12 SP5 is installed
  • AND java-1_8_0-openjdk is not affected
  • OR Package Information
  • SUSE Linux Enterprise Server 12 SP5 is installed
  • AND
  • java-1_8_0-openjdk is not affected
  • OR java-1_8_0-openjdk-demo is not affected
  • OR java-1_8_0-openjdk-devel is not affected
  • OR java-1_8_0-openjdk-headless is not affected
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise High Performance Computing 15 SP2 is installed
  • OR SUSE Linux Enterprise Module for Legacy 15 SP2 is installed
  • OR SUSE Linux Enterprise Server 15 SP2 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP2 is installed
  • OR SUSE Linux Enterprise Storage 7 is installed
  • OR SUSE Manager Proxy 4.1 is installed
  • OR SUSE Manager Retail Branch Server 4.1 is installed
  • OR SUSE Manager Server 4.1 is installed
  • AND java-1_8_0-openjdk is not affected
  • OR Package Information
  • SUSE Linux Enterprise Server for SAP Applications 15 SP2 is installed
  • AND
  • java-1_8_0-openjdk is not affected
  • OR java-1_8_0-openjdk-demo is not affected
  • OR java-1_8_0-openjdk-devel is not affected
  • OR java-1_8_0-openjdk-headless is not affected
    • Definition Synopsis
  • SUSE Linux Enterprise Server for SAP Applications 12 SP4 is installed
  • AND Package Information
  • java-1_8_0-openjdk is not affected
  • OR java-1_8_0-openjdk-demo is not affected
  • OR java-1_8_0-openjdk-devel is not affected
  • OR java-1_8_0-openjdk-headless is not affected
    • BACK