Impact: Moderate
Public Date: 2014-11-18
CWE: CWE-611
Bugzilla: 1130383: CVE-2014-3599 HornetQ REST: XXE due to insecure configuration of RestEasy

It was found that HornetQ REST did not set the resteasy.document.expand.entity.references context parameter to false by default. A HornetQ REST application that does not explicitly set the required context parameter to false may be vulnerable to XML External Entity (XXE) attacks. A remote attacker able to send XML requests to a HornetQ REST endpoint could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.
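
The check below is an added example, not part of the original advisory or of HornetQ's code: it reads a web.xml deployment descriptor and reports whether the context parameter named above is explicitly set to false. The sample descriptors and function names are constructed for illustration, and it assumes the parameter is declared as a standard servlet `<context-param>` in web.xml.

```python
import xml.etree.ElementTree as ET

PARAM = "resteasy.document.expand.entity.references"

# Constructed sample descriptors (not taken from any real deployment).
MISSING = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <display-name>queue-rest</display-name>
</web-app>"""

HARDENED = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <context-param>
    <param-name>resteasy.document.expand.entity.references</param-name>
    <param-value>false</param-value>
  </context-param>
</web-app>"""

# Same descriptor with the parameter present but not set to false.
EXPANDING = HARDENED.replace(">false<", "> TRUE <")


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tags."""
    return tag.rsplit("}", 1)[-1]


def context_params(web_xml):
    """Return {param-name: param-value} for every <context-param>."""
    params = {}
    for el in ET.fromstring(web_xml).iter():
        if local(el.tag) != "context-param":
            continue
        fields = {local(c.tag): (c.text or "").strip() for c in el}
        if "param-name" in fields:
            params[fields["param-name"]] = fields.get("param-value", "")
    return params


def audit(web_xml):
    """Classify a descriptor: 'ok', 'missing' or 'expanding'."""
    value = context_params(web_xml).get(PARAM)
    if value is None:
        return "missing"  # relies on the default the advisory describes
    return "ok" if value.lower() == "false" else "expanding"


if __name__ == "__main__":
    for name, doc in [("missing", MISSING), ("hardened", HARDENED),
                      ("expanding", EXPANDING)]:
        print(f"{name:10} -> {audit(doc)}")
```

Both "missing" and "expanding" results mark an application that does not explicitly set the parameter to false.
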
Vulnerable Product |
---|
redhat hornetq |