Candidate: CVE-2014-7839
PublicDate: 2014-11-25 15:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7839
 https://issues.jboss.org/browse/RESTEASY-1130
Description:
 DocumentProvider in RESTEasy 2.3.7 and 3.0.9 does not configure the (1)
 external-general-entities or (2) external-parameter-entities features,
 which allows remote attackers to conduct XML external entity (XXE) attacks
 via unspecified vectors.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770544
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_resteasy:
upstream_resteasy: needs-triage
lucid_resteasy: DNE
precise_resteasy: DNE
precise/esm_resteasy: DNE
trusty_resteasy: DNE
trusty/esm_resteasy: DNE
utopic_resteasy: DNE
vivid_resteasy: ignored (reached end-of-life)
vivid/stable-phone-overlay_resteasy: DNE
vivid/ubuntu-core_resteasy: DNE
wily_resteasy: ignored (reached end-of-life)
xenial_resteasy: not-affected (3.0.6-2)
yakkety_resteasy: ignored (reached end-of-life)
zesty_resteasy: ignored (reached end-of-life)
artful_resteasy: ignored (reached end-of-life)
bionic_resteasy: DNE
cosmic_resteasy: DNE
devel_resteasy: not-affected (3.0.6-2)