High severity · NVD Advisory · Published Aug 19, 2014 · Updated Jun 17, 2026
CVE-2014-3490
Description
RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform (EAP) 6.3.0, does not disable external entities when the resteasy.document.expand.entity.references parameter is set to false, which allows remote attackers to read arbitrary files and have other unspecified impact via unspecified vectors, related to an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0818.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.jboss.resteasy:resteasy-client (Maven) | >= 2.3.1, < 2.3.8.SP2 | 2.3.8.SP2 |
| org.jboss.resteasy:resteasy-client (Maven) | >= 3.0.0, < 3.0.9.Final | 3.0.9.Final |
Affected products
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:resteasy:*:*:*:*:*:*:*:* (range: >=2.3.1, <=2.3.7.2)
- cpe:2.3:a:redhat:resteasy:3.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:redhat:resteasy:3.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:redhat:resteasy:3.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:redhat:resteasy:3.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:redhat:resteasy:3.0:beta5:*:*:*:*:*:*
- cpe:2.3:a:redhat:resteasy:3.0:beta6:*:*:*:*:*:*
- cpe:2.3:a:redhat:resteasy:3.0:rc1:*:*:*:*:*:*
References
- www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html (nvd: Patch, Third Party Advisory, WEB)
- github.com/ronsigal/Resteasy/commit/9b7d0f574cafdcf3bea5428f3145ab4908fc6d83 (nvd: Patch, Third Party Advisory, WEB)
- rhn.redhat.com/errata/RHSA-2014-1011.html (nvd: Third Party Advisory, WEB)
- rhn.redhat.com/errata/RHSA-2014-1039.html (nvd: Third Party Advisory, WEB)
- rhn.redhat.com/errata/RHSA-2014-1040.html (nvd: Third Party Advisory, WEB)
- rhn.redhat.com/errata/RHSA-2014-1298.html (nvd: Third Party Advisory, WEB)
- rhn.redhat.com/errata/RHSA-2015-0125.html (nvd: Third Party Advisory, WEB)
- rhn.redhat.com/errata/RHSA-2015-0675.html (nvd: Third Party Advisory, WEB)
- rhn.redhat.com/errata/RHSA-2015-0720.html (nvd: Third Party Advisory, WEB)
- rhn.redhat.com/errata/RHSA-2015-0765.html (nvd: Third Party Advisory, WEB)
- secunia.com/advisories/60019 (nvd: Third Party Advisory)
- www.securityfocus.com/bid/69058 (nvd: Third Party Advisory, VDB Entry)
- github.com/advisories/GHSA-qjpq-5pq3-43rr (ghsa: ADVISORY)
- github.com/resteasy/Resteasy/pull/521 (nvd: Third Party Advisory, WEB)
- github.com/resteasy/Resteasy/pull/533 (nvd: Third Party Advisory, WEB)
- nvd.nist.gov/vuln/detail/CVE-2014-3490 (ghsa: ADVISORY)