Is there a security patch for JBossWS XML external entity resolver injection in JBoss EAP 4.3?

Solution Verified - Updated -

Issue

  • A security vulnerability was encountered with session bean methods exposed as web services. In the SOAP request, a malicious user added a reference to an external entity. The user was able to exploit the vulnerability and access the contents of some sensitive files on the filesystem.

Environment

  • JBoss Enterprise Application Platform (EAP) 4.3_CP08
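The request shape described under Issue can be detected before the message reaches the web service stack. The following is an added example, not Red Hat's fix and not JBossWS code: a Python pre-parse check that rejects any SOAP request carrying a document type declaration, which SOAP 1.1 forbids and which is the only place an external entity can be declared. The function name, exception class and sample messages are constructed for illustration.

```python
import xml.parsers.expat


class DoctypeRejected(ValueError):
    """Raised when a SOAP request carries a document type declaration."""


def check_soap_request(body: bytes) -> str:
    """Return the root element name, or raise if the request declares a DTD.

    Parsing stops at the DOCTYPE, so no entity is ever declared or expanded.
    """
    parser = xml.parsers.expat.ParserCreate()
    root = []

    def on_doctype(name, sysid, pubid, has_internal_subset):
        # Entities can only be declared inside a DTD; refusing the DTD
        # refuses internal and external entities alike.
        raise DoctypeRejected("DOCTYPE %r not allowed in SOAP request" % name)

    def on_start(name, attrs):
        if not root:
            root.append(name)

    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start
    try:
        parser.Parse(body, True)
    except xml.parsers.expat.ExpatError as exc:
        raise ValueError("malformed XML: %s" % exc) from exc
    return root[0]


# Constructed sample requests (hypothetical operation name and placeholder path).
BENIGN = (b'<?xml version="1.0" encoding="UTF-8"?>'
          b'<soapenv:Envelope xmlns:soapenv='
          b'"http://schemas.xmlsoap.org/soap/envelope/">'
          b'<soapenv:Body><getStatus/></soapenv:Body></soapenv:Envelope>')

WITH_DTD = (b'<?xml version="1.0" encoding="UTF-8"?>'
            b'<!DOCTYPE x [<!ENTITY ext SYSTEM "file:///PLACEHOLDER">]>'
            b'<soapenv:Envelope xmlns:soapenv='
            b'"http://schemas.xmlsoap.org/soap/envelope/">'
            b'<soapenv:Body><getStatus>&ext;</getStatus></soapenv:Body>'
            b'</soapenv:Envelope>')
```

A rejected request is also worth logging with its source address, since a DOCTYPE in a SOAP message has no legitimate use.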
