JDV Vulnerabilities in underlhying EAP 6.2 container - Red Hat Customer Portal

Issue

We have confirmed the EAP 6.2 is vulnerable to the following CVEs:
- CVE-2014-0075 - Reserved
- CVE-2014-0096 - Reserved
- CVE-2014-0099 - Reserved
- CVE-2014-0119- Reserved
Is DV vulnerable to these same CVEs
Does CP1 or CP2 fix them?

Environment

Red Hat JBoss Data Virtualization 6
Following CVEs
- [CVE-2014-0075] - jbossweb: tomcat: Limited DoS in chunked transfer encoding input filter
- [CVE-2014-0096] - jbossweb: Apache Tomcat: XXE vulnerability via user supplied XSLTs
- [CVE-2014-0099] - jbossweb: Apache Tomcat: Request smuggling via malicious content length header
- [CVE-2014-0119] - jbossweb: Apache Tomcat 6: XML parser hijack by malicious web application
- [CVE-2014-0193] - netty: DoS via memory exhaustion during data aggregation
- [CVE-2014-3481] - jboss-as-jaxrs: JBoss AS JAX-RS: Information disclosure via XML eXternal Entity
- [CVE-2014-3490] - RESTEasy: XXE via parameter entities
- [CVE-2014-3530] - PicketLink: XXE via insecure DocumentBuilderFactory usage
- [CVE-2014-3577] - httpclient: various flaws
- [CVE-2013-4002] - xerces-j2: Xerces-J2 OpenJDK: XML parsing Denial of Service
- [CVE-2013-5855] - Mojarra JSF: XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions
- [CVE-2012-6153] - httpclient: various flaws

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content

Quick Links

Help

Site Info

Related Sites

Copyright © 2024 Red Hat, Inc.

Here are the common uses of Markdown.

Code blocks

~~~
Code surrounded in tildes is easier to read
~~~

Links/URLs

[Red Hat Customer Portal](https://access.redhat.com)