JDV Vulnerabilities in underlying EAP 6.2 container
Issue
- We have confirmed that EAP 6.2 is vulnerable to the following CVEs:
  - CVE-2014-0075 - Reserved
  - CVE-2014-0096 - Reserved
  - CVE-2014-0099 - Reserved
  - CVE-2014-0119 - Reserved
- Is DV vulnerable to these same CVEs?
- Does CP1 or CP2 fix them?
Environment
- Red Hat JBoss Data Virtualization 6
- Following CVEs:
  - [CVE-2014-0075] - jbossweb: tomcat: Limited DoS in chunked transfer encoding input filter
  - [CVE-2014-0096] - jbossweb: Apache Tomcat: XXE vulnerability via user supplied XSLTs
  - [CVE-2014-0099] - jbossweb: Apache Tomcat: Request smuggling via malicious content length header
  - [CVE-2014-0119] - jbossweb: Apache Tomcat 6: XML parser hijack by malicious web application
  - [CVE-2014-0193] - netty: DoS via memory exhaustion during data aggregation
  - [CVE-2014-3481] - jboss-as-jaxrs: JBoss AS JAX-RS: Information disclosure via XML eXternal Entity
  - [CVE-2014-3490] - RESTEasy: XXE via parameter entities
  - [CVE-2014-3530] - PicketLink: XXE via insecure DocumentBuilderFactory usage
  - [CVE-2014-3577] - httpclient: various flaws
  - [CVE-2013-4002] - xerces-j2: Xerces-J2 OpenJDK: XML parsing Denial of Service
  - [CVE-2013-5855] - Mojarra JSF: XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions
  - [CVE-2012-6153] - httpclient: various flaws