JDV Vulnerabilities in underlying EAP 6.2 container
Issue
- We have confirmed the EAP 6.2 is vulnerable to the following CVEs:
  - CVE-2014-0075 - Reserved
  - CVE-2014-0096 - Reserved
  - CVE-2014-0099 - Reserved
  - CVE-2014-0119 - Reserved
- Is DV vulnerable to these same CVEs?
- Does CP1 or CP2 fix them?
Environment
- Red Hat JBoss Data Virtualization 6
- Following CVEs:
  - [CVE-2014-0075] - jbossweb: tomcat: Limited DoS in chunked transfer encoding input filter
  - [CVE-2014-0096] - jbossweb: Apache Tomcat: XXE vulnerability via user supplied XSLTs
  - [CVE-2014-0099] - jbossweb: Apache Tomcat: Request smuggling via malicious content length header
  - [CVE-2014-0119] - jbossweb: Apache Tomcat 6: XML parser hijack by malicious web application
  - [CVE-2014-0193] - netty: DoS via memory exhaustion during data aggregation
  - [CVE-2014-3481] - jboss-as-jaxrs: JBoss AS JAX-RS: Information disclosure via XML eXternal Entity
  - [CVE-2014-3490] - RESTEasy: XXE via parameter entities
  - [CVE-2014-3530] - PicketLink: XXE via insecure DocumentBuilderFactory usage
  - [CVE-2014-3577] - httpclient: various flaws
  - [CVE-2013-4002] - xerces-j2: Xerces-J2 OpenJDK: XML parsing Denial of Service
  - [CVE-2013-5855] - Mojarra JSF: XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions
  - [CVE-2012-6153] - httpclient: various flaws
