Is there a security patch for JBossWS XML external entity resolver injection in JBoss EAP 4.3?
Issue
- Security vulnerability was encountered with session bean methods exposed as web services. In the SOAP request, a malicious user added a reference to an external entity. The user was able to exploit the security vulnerability and accessed the contents of some sensitive files on the filesystem
Environment
- JBoss Enterprise Application Platform (EAP) 4.3_CP08
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.