CVE-2014-3530
Find out more about CVE-2014-3530 from the MITRE CVE dictionary and NIST NVD.
Statement
This flaw could allow remote, unauthenticated attackers to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks. All systems hosting PicketLink applications using SAML Identity Providers and Service Providers may be affected. It is strongly advised that anyone running an affected system applies patches to address this flaw.
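As an added defender-side example (not PicketLink's or Red Hat's code, and not the change shipped in the errata listed on this page), the following Java snippet shows the JAXP parser setting that makes a SAML Identity Provider or Service Provider vulnerable to XXE, beside the hardened configuration a practitioner would want in any code path that parses SAML messages from unauthenticated clients. The class name, the sample documents and the particular feature set are assumptions for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.SAXParseException;

// Illustrative class; it is not part of PicketLink.
public class SamlXxeHardening {

    // Weak setting: the JDK default leaves DOCTYPE declarations and external
    // entity resolution enabled, which is exactly what an XXE payload relies on.
    public static DocumentBuilderFactory defaultFactory() {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        return f;
    }

    // Corrected setting: refuse any DOCTYPE outright and, as defence in depth,
    // also disable external entities, external DTD loading and XInclude.
    public static DocumentBuilderFactory hardenedFactory() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true); // SAML elements are namespace-qualified
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f;
    }

    public static Document parse(DocumentBuilderFactory f, String xml) throws Exception {
        DocumentBuilder builder = f.newDocumentBuilder();
        return builder.parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    public static void main(String[] args) throws Exception {
        // Constructed samples: a minimal SAML-shaped response, and the same
        // response preceded by a DOCTYPE (the construct every XXE variant needs).
        String clean = "<?xml version=\"1.0\"?>"
            + "<Response xmlns=\"urn:oasis:names:tc:SAML:2.0:protocol\" ID=\"_1\"/>";
        String withDoctype = "<?xml version=\"1.0\"?>"
            + "<!DOCTYPE Response [ <!ENTITY note \"internal\"> ]>"
            + "<Response xmlns=\"urn:oasis:names:tc:SAML:2.0:protocol\" ID=\"_1\">&note;</Response>";

        // The hardened parser accepts well-formed SAML that carries no DOCTYPE...
        Document ok = parse(hardenedFactory(), clean);
        System.out.println("hardened, clean: parsed " + ok.getDocumentElement().getNodeName());

        // ...and rejects any document with a DOCTYPE before entities are expanded.
        try {
            parse(hardenedFactory(), withDoctype);
            System.out.println("hardened, doctype: unexpectedly parsed");
        } catch (SAXParseException e) {
            System.out.println("hardened, doctype: rejected (" + e.getMessage() + ")");
        }

        // The default factory accepts and expands the same DOCTYPE; this is the
        // behaviour that must never be reachable from unauthenticated SAML input.
        Document weak = parse(defaultFactory(), withDoctype);
        System.out.println("default, doctype: parsed, text = '"
            + weak.getDocumentElement().getTextContent() + "'");
    }
}
```

Rejecting the DOCTYPE is the single setting that closes the whole class of entity-based attacks, since SAML messages never legitimately carry one; the remaining features guard against a parser implementation that does not honour `disallow-doctype-decl`. The same review applies to any `SAXParserFactory`, `XMLInputFactory` or `TransformerFactory` that touches inbound SAML.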
CVSS v2 metrics
| Base Score | 7.5 |
|---|---|
| Base Metrics | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality Impact | Partial |
| Integrity Impact | Partial |
| Availability Impact | Partial |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat JBoss Enterprise Application Platform 6.2 | RHSA-2014:0884 | 2014-07-16 |
| Red Hat JBoss Portal 6.2 | RHSA-2015:1009 | 2015-05-14 |
| Red Hat JBoss Fuse Service Works 6.0 | RHSA-2015:0720 | 2015-03-24 |
| Red Hat JBoss BPMS 6.0 | RHSA-2015:0234 | 2015-02-17 |
| Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS (picketlink-federation) | RHSA-2014:0885 | 2014-07-15 |
| Red Hat JBoss Web Platform 5 for RHEL 5 Server (picketlink-federation) | RHSA-2014:0898 | 2014-07-16 |
| Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server (picketlink-federation) | RHSA-2014:0885 | 2014-07-15 |
| Red Hat JBoss Web Platform 5 for RHEL 4 AS (picketlink-federation) | RHSA-2014:0898 | 2014-07-16 |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server (picketlink-federation) | RHSA-2014:0883 | 2014-07-15 |
| Red Hat JBoss Data Virtualization 6.0 | RHSA-2015:0765 | 2015-03-31 |
| Red Hat JBoss SOA Platform 5.3 | RHSA-2015:1888 | 2015-10-12 |
| Red Hat JBoss Web Platform 5.2 | RHSA-2014:0897 | 2014-07-16 |
| Red Hat JBoss Operations Network 3.2 | RHSA-2014:0910 | 2014-07-21 |
| Red Hat JBoss Data Grid 6.4 | RHSA-2015:0091 | 2015-01-27 |
| Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server (picketlink-federation) | RHSA-2014:0885 | 2014-07-15 |
| Red Hat JBoss Web Platform 5 for RHEL 6 Server (picketlink-federation) | RHSA-2014:0898 | 2014-07-16 |
| Red Hat JBoss Data Virtualization 6.1 | RHSA-2015:0675 | 2015-03-11 |
| Red Hat JBoss Enterprise Application Platform 5.2 | RHSA-2014:0886 | 2014-07-16 |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server (picketlink-federation) | RHSA-2014:0883 | 2014-07-15 |
| Red Hat JBoss BRMS 6.0 | RHSA-2015:0235 | 2015-02-17 |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat JBoss Portal 5 | picketlink | Affected |
| Red Hat JBoss BRMS 5 | picketlink | Will not fix |
