Moderate severityNVD Advisory· Published Nov 25, 2014· Updated May 6, 2026

CVE-2014-7839

Description

DocumentProvider in RESTEasy 2.3.7 and 3.0.9 does not configure the (1) external-general-entities or (2) external-parameter-entities features, which allows remote attackers to conduct XML external entity (XXE) attacks via unspecified vectors.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
org.jboss.resteasy:resteasy-jaxrsMaven	< 3.0.11.Final	3.0.11.Final

Affected products

Red Hat/Resteasy2 versions
cpe:2.3:a:redhat:resteasy:2.3.7:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:redhat:resteasy:2.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:resteasy:3.0.9:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-pc54-pchm-xcw6ghsaADVISORY
issues.jboss.org/browse/RESTEASY-1130nvdVendor AdvisoryWEB
nvd.nist.gov/vuln/detail/CVE-2014-7839ghsaADVISORY
rhn.redhat.com/errata/RHSA-2015-0675.htmlnvdWEB
rhn.redhat.com/errata/RHSA-2015-0773.htmlnvdWEB
rhn.redhat.com/errata/RHSA-2015-0850.htmlnvdWEB
rhn.redhat.com/errata/RHSA-2015-0851.htmlnvdWEB
github.com/resteasy/resteasy/pull/611/commits/3ab999c899c455a0b0a00bf5e455ed3e8d9ae347ghsaWEB
github.com/resteasy/resteasy/pull/611/commits/8b5d8cfc963794a74636d9a840e899408ec8fdc6ghsaWEB
secunia.com/advisories/62580nvd

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000