Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2014-0225
Vulnerability from cvelistv5
Published
2017-05-25 17:00
Modified
2024-08-06 09:05
Severity ?
EPSS score ?
0.53%
(0.64585)
Summary
When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | https://pivotal.io/security/cve-2014-0225 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pivotal.io/security/cve-2014-0225 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pivotal | Spring Framework |
Version: 4.0.0 to 4.0.4 Version: 3.0.0 to 3.2.8 Version: Earlier unsupported versions may be affected |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T09:05:39.298Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://pivotal.io/security/cve-2014-0225", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Spring Framework", vendor: "Pivotal", versions: [ { status: "affected", version: "4.0.0 to 4.0.4", }, { status: "affected", version: "3.0.0 to 3.2.8", }, { status: "affected", version: "Earlier unsupported versions may be affected", }, ], }, ], datePublic: "2014-05-28T00:00:00", descriptions: [ { lang: "en", value: "When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack.", }, ], problemTypes: [ { descriptions: [ { description: "XXE", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-05-25T16:57:01", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://pivotal.io/security/cve-2014-0225", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security_alert@emc.com", ID: "CVE-2014-0225", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Spring Framework", version: { version_data: [ { version_value: "4.0.0 to 4.0.4", }, { version_value: "3.0.0 to 3.2.8", }, { version_value: "Earlier unsupported versions may be affected", }, ], }, }, ], }, vendor_name: "Pivotal", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "XXE", }, ], }, ], }, references: { reference_data: [ { name: "https://pivotal.io/security/cve-2014-0225", refsource: "CONFIRM", url: "https://pivotal.io/security/cve-2014-0225", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2014-0225", datePublished: "2017-05-25T17:00:00", dateReserved: "2013-12-03T00:00:00", dateUpdated: "2024-08-06T09:05:39.298Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { fkie_nvd: { configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:spring_framework:3.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C4552840-9F26-478E-8875-5B2809C7FD69\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:spring_framework:3.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4A6266B7-5676-4786-9A5C-1E31D21DC76D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:spring_framework:3.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E02D9007-1215-4FD1-822A-BA95748E75D8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:spring_framework:4.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1C04E981-6FF9-4842-912B-EB5D3E9E7A68\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:spring_framework:3.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B5CBB128-9F47-45ED-8A4A-62C6439D01DC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:spring_framework:3.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0915A639-5F69-4054-A01D-D6E9B9DAF277\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:spring_framework:3.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3812C2F2-E861-4038-9D80-4C2EB311AA90\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:spring_framework:3.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"99B37852-F488-4FA1-894B-A5B390567CF8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:spring_framework:3.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8AE8E872-CC85-44A9-A3FC-EEDCDE4E2DCC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:spring_framework:3.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B9D5172D-5E19-40C1-8C1B-CC22706E780D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:spring_framework:3.0.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"46E410D2-DA53-4806-B296-451C3D9CDEEA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:spring_framework:3.1.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"753C95ED-5162-4156-B8A1-011A1DAADAD9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:spring_framework:3.1.0:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"1996FA84-C504-4010-9984-B563514F1AB9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:spring_framework:3.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B61F3E25-A415-4A25-91D6-4FBA6F575AAB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:spring_framework:3.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8A2C4C81-2E79-411C-AEB8-A5E40FC28D31\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:spring_framework:3.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"010915FE-3BCE-4652-8D8B-47EE085F3BEE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:spring_framework:3.1.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D16C8EFA-F1E4-48C3-BC86-A132873426C4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:spring_framework:3.2.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"F2260DAE-0090-4624-A6BF-1F9406659C0A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:spring_framework:3.2.0:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"D57791EA-3A91-4BEE-AF1F-B64D0FC47723\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:spring_framework:3.2.0:rc2-a:*:*:*:*:*:*\", \"matchCriteriaId\": \"DA88332D-07C0-4C95-BC27-75536F09613B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:spring_framework:3.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D2E2EA60-735E-431E-BEFE-DC5C1046E532\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:spring_framework:3.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DFD1FA92-7BFC-4874-89FC-BE0F378F0DB3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:spring_framework:3.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7CC0E26F-2E8B-4B30-8C43-8BD2015EBB88\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:spring_framework:3.2.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3CB73406-5FE4-438E-BCB7-57FBF6EC38D0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:spring_framework:3.2.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B76F06BC-F53E-4E37-B84F-3E992D459A49\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:spring_framework:3.2.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DD8CC0CF-61DE-4E3A-80DD-4AD34EBDF419\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:spring_framework:3.2.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"09D49870-9E17-4049-9ABB-311C319A0E8F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:spring_framework:3.2.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EB9CE889-FBC5-4078-ABAC-8BC6CA235D04\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:spring_framework:4.0.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"4A94E509-0E06-4FD0-BA61-292515031BAD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:spring_framework:4.0.0:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"B5CF3CDB-339A-46A5-BCFE-4DF4120EAD3E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:spring_framework:4.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A0A0C100-FAD1-4004-AA42-AE508F4D540E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:spring_framework:4.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BE8D78C3-5C4D-4FAD-BC0F-1AD8C55D88F2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:spring_framework:4.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BDB13067-D890-414E-B7CD-A3C11A1DBC9F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:spring_framework:4.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0AA135B9-819D-4FAF-8F98-EA4549575327\"}]}]}]", descriptions: "[{\"lang\": \"en\", \"value\": \"When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack.\"}, {\"lang\": \"es\", \"value\": \"Al procesar un documento XML proporcionado por el usuario, el Framework Spring, versiones de la 4.0.0 a la 4.0.4 y de la 3.0.0 a la 3.2.8 y otras versiones anteriores ya no soportadas, no desactiva por defecto la resoluci\\u00f3n de las referencias URI en una declaraci\\u00f3n DTD, lo que habilita ataques de tipo XXE.\"}]", id: "CVE-2014-0225", lastModified: "2024-11-21T02:01:41.860", metrics: "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}", published: "2017-05-25T17:29:00.207", references: "[{\"url\": \"https://pivotal.io/security/cve-2014-0225\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://pivotal.io/security/cve-2014-0225\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]", sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-611\"}]}]", }, nvd: "{\"cve\":{\"id\":\"CVE-2014-0225\",\"sourceIdentifier\":\"security_alert@emc.com\",\"published\":\"2017-05-25T17:29:00.207\",\"lastModified\":\"2024-11-21T02:01:41.860\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack.\"},{\"lang\":\"es\",\"value\":\"Al procesar un documento XML proporcionado por el usuario, el Framework Spring, versiones de la 4.0.0 a la 4.0.4 y de la 3.0.0 a la 3.2.8 y otras versiones anteriores ya no soportadas, no desactiva por defecto la resolución de las referencias URI en una declaración DTD, lo que habilita ataques de tipo XXE.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-611\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:spring_framework:3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4552840-9F26-478E-8875-5B2809C7FD69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:spring_framework:3.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A6266B7-5676-4786-9A5C-1E31D21DC76D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:spring_framework:3.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E02D9007-1215-4FD1-822A-BA95748E75D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:spring_framework:4.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C04E981-6FF9-4842-912B-EB5D3E9E7A68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_framework:3.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5CBB128-9F47-45ED-8A4A-62C6439D01DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_framework:3.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0915A639-5F69-4054-A01D-D6E9B9DAF277\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_framework:3.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3812C2F2-E861-4038-9D80-4C2EB311AA90\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_framework:3.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99B37852-F488-4FA1-894B-A5B390567CF8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_framework:3.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8AE8E872-CC85-44A9-A3FC-EEDCDE4E2DCC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_framework:3.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9D5172D-5E19-40C1-8C1B-CC22706E780D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_framework:3.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46E410D2-DA53-4806-B296-451C3D9CDEEA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_framework:3.1.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"753C95ED-5162-4156-B8A1-011A1DAADAD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_framework:3.1.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"1996FA84-C504-4010-9984-B563514F1AB9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_framework:3.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B61F3E25-A415-4A25-91D6-4FBA6F575AAB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_framework:3.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A2C4C81-2E79-411C-AEB8-A5E40FC28D31\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_framework:3.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"010915FE-3BCE-4652-8D8B-47EE085F3BEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_framework:3.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D16C8EFA-F1E4-48C3-BC86-A132873426C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_framework:3.2.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2260DAE-0090-4624-A6BF-1F9406659C0A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_framework:3.2.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"D57791EA-3A91-4BEE-AF1F-B64D0FC47723\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_framework:3.2.0:rc2-a:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA88332D-07C0-4C95-BC27-75536F09613B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_framework:3.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2E2EA60-735E-431E-BEFE-DC5C1046E532\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_framework:3.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFD1FA92-7BFC-4874-89FC-BE0F378F0DB3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_framework:3.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CC0E26F-2E8B-4B30-8C43-8BD2015EBB88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_framework:3.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3CB73406-5FE4-438E-BCB7-57FBF6EC38D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_framework:3.2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B76F06BC-F53E-4E37-B84F-3E992D459A49\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_framework:3.2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD8CC0CF-61DE-4E3A-80DD-4AD34EBDF419\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_framework:3.2.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09D49870-9E17-4049-9ABB-311C319A0E8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_framework:3.2.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB9CE889-FBC5-4078-ABAC-8BC6CA235D04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_framework:4.0.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A94E509-0E06-4FD0-BA61-292515031BAD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_framework:4.0.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5CF3CDB-339A-46A5-BCFE-4DF4120EAD3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_framework:4.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0A0C100-FAD1-4004-AA42-AE508F4D540E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_framework:4.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE8D78C3-5C4D-4FAD-BC0F-1AD8C55D88F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_framework:4.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDB13067-D890-414E-B7CD-A3C11A1DBC9F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_framework:4.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0AA135B9-819D-4FAF-8F98-EA4549575327\"}]}]}],\"references\":[{\"url\":\"https://pivotal.io/security/cve-2014-0225\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://pivotal.io/security/cve-2014-0225\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}", }, }
ghsa-f93f-g33r-8pcp
Vulnerability from github
Published
2022-05-13 01:02
Modified
2024-02-27 23:55
Severity ?
Summary
Improper Restriction of XML External Entity Reference in Spring Framework
Details
When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack.
{ affected: [ { package: { ecosystem: "Maven", name: "org.springframework:spring-webmvc", }, ranges: [ { events: [ { introduced: "4.0.0", }, { fixed: "4.0.5", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "Maven", name: "org.springframework:spring-webmvc", }, ranges: [ { events: [ { introduced: "3.0.0", }, { fixed: "3.2.8", }, ], type: "ECOSYSTEM", }, ], }, ], aliases: [ "CVE-2014-0225", ], database_specific: { cwe_ids: [ "CWE-611", ], github_reviewed: true, github_reviewed_at: "2022-07-07T22:58:08Z", nvd_published_at: "2017-05-25T17:29:00Z", severity: "HIGH", }, details: "When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack.", id: "GHSA-f93f-g33r-8pcp", modified: "2024-02-27T23:55:20Z", published: "2022-05-13T01:02:39Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-0225", }, { type: "WEB", url: "https://github.com/spring-projects/spring-framework/commit/44ee51a6c9c3734b3fcf9a20817117e86047d753", }, { type: "WEB", url: "https://github.com/spring-projects/spring-framework/commit/8e096aeef55287dc829484996c9330cf755891a1", }, { type: "WEB", url: "https://github.com/spring-projects/spring-framework/commit/c6503ebbf7c9e21ff022c58706dbac5417b2b5eb", }, { type: "WEB", url: "https://jira.spring.io/browse/SPR-11768", }, { type: "WEB", url: "https://pivotal.io/security/cve-2014-0225", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", type: "CVSS_V3", }, ], summary: "Improper Restriction of XML External Entity Reference in Spring Framework", }
gsd-2014-0225
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack.
Aliases
Aliases
{ GSD: { alias: "CVE-2014-0225", description: "When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack.", id: "GSD-2014-0225", references: [ "https://access.redhat.com/errata/RHSA-2014:1351", "https://advisories.mageia.org/CVE-2014-0225.html", "https://ubuntu.com/security/CVE-2014-0225", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2014-0225", ], details: "When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack.", id: "GSD-2014-0225", modified: "2023-12-13T01:22:44.597629Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "security_alert@emc.com", ID: "CVE-2014-0225", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Spring Framework", version: { version_data: [ { version_value: "4.0.0 to 4.0.4", }, { version_value: "3.0.0 to 3.2.8", }, { version_value: "Earlier unsupported versions may be affected", }, ], }, }, ], }, vendor_name: "Pivotal", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "XXE", }, ], }, ], }, references: { reference_data: [ { name: "https://pivotal.io/security/cve-2014-0225", refsource: "CONFIRM", url: "https://pivotal.io/security/cve-2014-0225", }, ], }, }, "gitlab.com": { advisories: [ { affected_range: "[3-alpha0,3.2.8.RELEASE],[4-alpha0,4.0.4.RELEASE]", affected_versions: "All versions starting from 3-alpha0 up to 3.2.8.release, all versions starting from 4-alpha0 up to 4.0.4.release", cvss_v2: "AV:N/AC:M/Au:N/C:P/I:P/A:P", cvss_v3: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", cwe_ids: [ "CWE-1035", "CWE-611", "CWE-937", ], date: "2017-06-07", description: "This package did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack.", fixed_versions: [ "3.2.9.RELEASE", "4.0.5.RELEASE", ], identifier: "CVE-2014-0225", identifiers: [ "CVE-2014-0225", ], not_impacted: "All versions before 3-alpha0, all versions after 3.2.8.release before 4-alpha0, all versions after 4.0.4.release", package_slug: "maven/org.springframework/spring-oxm", pubdate: "2017-05-25", solution: "Upgrade to versions 3.2.9.RELEASE, 4.0.5.RELEASE or above.", title: "Information disclosure via SSRF", urls: [ "http://www.gopivotal.com/security/cve-2014-0225", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0225", ], uuid: "5fe0ea5a-2c96-4df3-9c00-ae84e916673c", }, { affected_range: "[3,3.2.8.RELEASE],[4,4.0.4.RELEASE]", affected_versions: "All versions starting from 3 up to 3.2.8.RELEASE, all versions starting from 4 up to 4.0.4.RELEASE", cvss_v2: "AV:N/AC:M/Au:N/C:P/I:P/A:P", cvss_v3: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", cwe_ids: [ "CWE-1035", "CWE-611", "CWE-937", ], date: "2017-06-07", description: "When processing user provided XML documents, the Spring Framework does not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack.", fixed_versions: [ "3.2.9.RELEASE", "4.0.5.RELEASE", ], identifier: "CVE-2014-0225", identifiers: [ "CVE-2014-0225", ], not_impacted: "All versions before 3, all versions after 3.2.8.RELEASE before 4, all versions after 4.0.4.RELEASE", package_slug: "maven/org.springframework/spring-web", pubdate: "2017-05-25", solution: "Upgrade to versions 3.2.9.RELEASE, 4.0.5.RELEASE or above.", title: "Improper Restriction of XML External Entity Reference", urls: [ "http://www.gopivotal.com/security/cve-2014-0225", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0225", ], uuid: "b97412ff-22a0-4380-9eb3-596bef9fa1f1", }, { affected_range: "[3.0.0,3.2.8),[4.0.0,4.0.5)", affected_versions: "All versions starting from 3.0.0 before 3.2.8, all versions starting from 4.0.0 before 4.0.5", cvss_v2: "AV:N/AC:M/Au:N/C:P/I:P/A:P", cvss_v3: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", cwe_ids: [ "CWE-1035", "CWE-611", "CWE-937", ], date: "2022-07-07", description: "When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions does not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack.", fixed_versions: [ "3.2.8", "4.0.5", ], identifier: "CVE-2014-0225", identifiers: [ "GHSA-f93f-g33r-8pcp", "CVE-2014-0225", ], not_impacted: "All versions before 3.0.0, all versions starting from 3.2.8 before 4.0.0, all versions starting from 4.0.5", package_slug: "maven/org.springframework/spring-webmvc", pubdate: "2022-05-13", solution: "Upgrade to versions 3.2.8, 4.0.5 or above.", title: "Improper Restriction of XML External Entity Reference", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2014-0225", "https://pivotal.io/security/cve-2014-0225", "https://github.com/spring-projects/spring-framework/commit/8e096aeef55287dc829484996c9330cf755891a1", "https://github.com/spring-projects/spring-framework/commit/c6503ebbf7c9e21ff022c58706dbac5417b2b5eb", "https://jira.spring.io/browse/SPR-11768", "https://github.com/advisories/GHSA-f93f-g33r-8pcp", ], uuid: "d1861ff0-f8f9-4a80-9813-b76291c8f34d", }, ], }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:vmware:spring_framework:3.1.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:vmware:spring_framework:3.1.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:pivotal_software:spring_framework:3.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:vmware:spring_framework:3.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:vmware:spring_framework:3.2.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:pivotal_software:spring_framework:3.2.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:pivotal_software:spring_framework:4.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:vmware:spring_framework:4.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:vmware:spring_framework:3.1.0:rc2:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:vmware:spring_framework:4.0.0:rc2:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:vmware:spring_framework:3.1.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:vmware:spring_framework:3.0.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:vmware:spring_framework:3.0.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:vmware:spring_framework:3.2.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:vmware:spring_framework:3.2.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:vmware:spring_framework:4.0.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:vmware:spring_framework:4.0.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:vmware:spring_framework:3.2.0:rc1:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:vmware:spring_framework:3.2.0:rc2-a:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:vmware:spring_framework:3.2.0:rc2:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:vmware:spring_framework:4.0.0:rc1:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:vmware:spring_framework:3.0.7:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:vmware:spring_framework:3.2.8:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:vmware:spring_framework:3.2.6:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:vmware:spring_framework:3.2.7:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:vmware:spring_framework:3.1.0:rc1:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:pivotal_software:spring_framework:3.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:vmware:spring_framework:3.1.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:vmware:spring_framework:3.0.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:vmware:spring_framework:3.0.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:vmware:spring_framework:3.0.6:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:vmware:spring_framework:3.2.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:vmware:spring_framework:3.2.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:vmware:spring_framework:4.0.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "secure@dell.com", ID: "CVE-2014-0225", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-611", }, ], }, ], }, references: { reference_data: [ { name: "https://pivotal.io/security/cve-2014-0225", refsource: "CONFIRM", tags: [ "Vendor Advisory", ], url: "https://pivotal.io/security/cve-2014-0225", }, ], }, }, impact: { baseMetricV2: { cvssV2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", userInteractionRequired: true, }, baseMetricV3: { cvssV3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, }, }, lastModifiedDate: "2022-04-11T17:16Z", publishedDate: "2017-05-25T17:29Z", }, }, }
rhsa-2014_1351
Vulnerability from csaf_redhat
Published
2014-10-01 18:10
Modified
2024-11-25 11:57
Summary
Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.1.0 security update
Notes
Topic
Red Hat JBoss Fuse and A-MQ 6.1.0 Rollup Patch 1, which addresses several
security issues, multiple bug fixes, and adds various enhancements, is now
available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
Details
Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint,
flexible, open source enterprise service bus and integration platform.
Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards compliant
messaging system that is tailored for use in mission critical applications.
This patch is an update to Red Hat JBoss Fuse 6.1.0 and Red Hat JBoss A-MQ
6.1.0. It includes bug fixes and enhancements, which are documented in the
readme.txt file included with the patch files. The following security
issues are addressed in this release:
It was discovered that Apache Shiro authenticated users without specifying
a user name or a password when used in conjunction with an LDAP back end
that allowed unauthenticated binds. (CVE-2014-0074)
It was found that the secure processing feature of Xalan-Java had
insufficient restrictions defined for certain properties and features.
A remote attacker able to provide Extensible Stylesheet Language
Transformations (XSLT) content to be processed by an application using
Xalan-Java could use this flaw to bypass the intended constraints of the
secure processing feature. Depending on the components available in the
classpath, this could lead to arbitrary remote code execution in the
context of the application server running the application that uses
Xalan-Java. (CVE-2014-0107)
It was found that the SecurityTokenService (STS), provided as a part of
Apache CXF, could under certain circumstances accept invalid SAML tokens as
valid. A remote attacker could use a specially crafted SAML token to gain
access to an application that uses STS for validation of SAML tokens.
(CVE-2014-0034)
A denial of service flaw was found in the way Apache CXF created error
messages for certain POST requests. A remote attacker could send a
specially crafted request which, when processed by an application using
Apache CXF, could consume an excessive amount of memory on the system,
possibly triggering an Out Of Memory (OOM) error. (CVE-2014-0109)
It was found that when a large invalid SOAP message was processed by Apache
CXF, it could be saved to a temporary file in the /tmp directory. A remote
attacker could send a specially crafted SOAP message that, when processed
by an application using Apache CXF, would use an excessive amount of disk
space, possibly causing a denial of service. (CVE-2014-0110)
It was found that Jolokia was vulnerable to Cross-Site Request Forgery
(CSRF) attacks. A remote attacker could provide a specially crafted web
page that, when visited by a user logged in to Jolokia, could allow the
attacker to execute arbitrary methods on MBeans exposed via JMX.
(CVE-2014-0168)
It was found that the Spring Framework did not, by default, disable the
resolution of URI references in a DTD declaration when processing
user-provided XML documents. By observing differences in response times, an
attacker could identify valid IP addresses on the internal network with
functioning web servers. (CVE-2014-0225)
It was discovered that UsernameTokens were sent in plain text by an Apache
CXF client that used a Symmetric EncryptBeforeSigning password policy.
A man-in-the-middle attacker could use this flaw to obtain the user name
and password used by the client application using Apache CXF.
(CVE-2014-0035)
A flaw was found in the WebSocket08FrameDecoder implementation that could
allow a remote attacker to trigger an Out Of Memory Exception by issuing a
series of TextWebSocketFrame and ContinuationWebSocketFrames. Depending on
the server configuration, this could lead to a denial of service.
(CVE-2014-0193)
Refer to the readme.txt file included with the patch files for
installation instructions.
Red Hat would like to thank James Roper of Typesafe for reporting the
CVE-2014-0193 issue.
All users of Red Hat JBoss Fuse 6.1.0 and Red Hat JBoss A-MQ 6.1.0 as
provided from the Red Hat Customer Portal are advised to apply this
security update.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat JBoss Fuse and A-MQ 6.1.0 Rollup Patch 1, which addresses several\nsecurity issues, multiple bug fixes, and adds various enhancements, is now\navailable from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint,\nflexible, open source enterprise service bus and integration platform.\nRed Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards compliant\nmessaging system that is tailored for use in mission critical applications.\n\nThis patch is an update to Red Hat JBoss Fuse 6.1.0 and Red Hat JBoss A-MQ\n6.1.0. It includes bug fixes and enhancements, which are documented in the\nreadme.txt file included with the patch files. The following security\nissues are addressed in this release:\n\nIt was discovered that Apache Shiro authenticated users without specifying\na user name or a password when used in conjunction with an LDAP back end\nthat allowed unauthenticated binds. (CVE-2014-0074)\n\nIt was found that the secure processing feature of Xalan-Java had\ninsufficient restrictions defined for certain properties and features.\nA remote attacker able to provide Extensible Stylesheet Language\nTransformations (XSLT) content to be processed by an application using\nXalan-Java could use this flaw to bypass the intended constraints of the\nsecure processing feature. Depending on the components available in the\nclasspath, this could lead to arbitrary remote code execution in the\ncontext of the application server running the application that uses\nXalan-Java. (CVE-2014-0107)\n\nIt was found that the SecurityTokenService (STS), provided as a part of\nApache CXF, could under certain circumstances accept invalid SAML tokens as\nvalid. A remote attacker could use a specially crafted SAML token to gain\naccess to an application that uses STS for validation of SAML tokens.\n(CVE-2014-0034)\n\nA denial of service flaw was found in the way Apache CXF created error\nmessages for certain POST requests. A remote attacker could send a\nspecially crafted request which, when processed by an application using\nApache CXF, could consume an excessive amount of memory on the system,\npossibly triggering an Out Of Memory (OOM) error. (CVE-2014-0109)\n\nIt was found that when a large invalid SOAP message was processed by Apache\nCXF, it could be saved to a temporary file in the /tmp directory. A remote\nattacker could send a specially crafted SOAP message that, when processed\nby an application using Apache CXF, would use an excessive amount of disk\nspace, possibly causing a denial of service. (CVE-2014-0110)\n\nIt was found that Jolokia was vulnerable to Cross-Site Request Forgery\n(CSRF) attacks. A remote attacker could provide a specially crafted web\npage that, when visited by a user logged in to Jolokia, could allow the\nattacker to execute arbitrary methods on MBeans exposed via JMX.\n(CVE-2014-0168)\n\nIt was found that the Spring Framework did not, by default, disable the\nresolution of URI references in a DTD declaration when processing\nuser-provided XML documents. By observing differences in response times, an\nattacker could identify valid IP addresses on the internal network with\nfunctioning web servers. (CVE-2014-0225)\n\nIt was discovered that UsernameTokens were sent in plain text by an Apache\nCXF client that used a Symmetric EncryptBeforeSigning password policy.\nA man-in-the-middle attacker could use this flaw to obtain the user name\nand password used by the client application using Apache CXF.\n(CVE-2014-0035)\n\nA flaw was found in the WebSocket08FrameDecoder implementation that could\nallow a remote attacker to trigger an Out Of Memory Exception by issuing a\nseries of TextWebSocketFrame and ContinuationWebSocketFrames. Depending on\nthe server configuration, this could lead to a denial of service.\n(CVE-2014-0193)\n\nRefer to the readme.txt file included with the patch files for\ninstallation instructions.\n\nRed Hat would like to thank James Roper of Typesafe for reporting the\nCVE-2014-0193 issue.\n\nAll users of Red Hat JBoss Fuse 6.1.0 and Red Hat JBoss A-MQ 6.1.0 as\nprovided from the Red Hat Customer Portal are advised to apply this\nsecurity update.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2014:1351", url: "https://access.redhat.com/errata/RHSA-2014:1351", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse&downloadType=securityPatches&version=6.1.0", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse&downloadType=securityPatches&version=6.1.0", }, { category: "external", summary: "1072603", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1072603", }, { category: "external", summary: "1080248", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1080248", }, { category: "external", summary: "1084838", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1084838", }, { category: "external", summary: "1092783", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1092783", }, { category: "external", summary: "1093526", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1093526", }, { category: "external", summary: "1093527", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1093527", }, { category: "external", summary: "1093529", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1093529", }, { category: "external", summary: "1093530", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1093530", }, { category: "external", summary: "1110110", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1110110", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_1351.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.1.0 security update", tracking: { current_release_date: "2024-11-25T11:57:08+00:00", generator: { date: "2024-11-25T11:57:08+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2014:1351", initial_release_date: "2014-10-01T18:10:39+00:00", revision_history: [ { date: "2014-10-01T18:10:39+00:00", number: "1", summary: "Initial version", }, { date: "2019-02-20T12:33:57+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-25T11:57:08+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss A-MQ 6.1", product: { name: "Red Hat JBoss A-MQ 6.1", product_id: "Red Hat JBoss A-MQ 6.1", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_amq:6.1.0", }, }, }, { category: "product_name", name: "Red Hat JBoss Fuse 6.1", product: { name: "Red Hat JBoss Fuse 6.1", product_id: "Red Hat JBoss Fuse 6.1", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_fuse:6.1.0", }, }, }, ], category: "product_family", name: "Red Hat JBoss Fuse", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2014-0034", cwe: { id: "CWE-345", name: "Insufficient Verification of Data Authenticity", }, discovery_date: "2014-05-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1093529", }, ], notes: [ { category: "description", text: "It was found that the SecurityTokenService (STS), provided as a part of Apache CXF, could under certain circumstances accept invalid SAML tokens as valid. A remote attacker could use a specially crafted SAML token to gain access to an application that uses STS for validation of SAML tokens.", title: "Vulnerability description", }, { category: "summary", text: "CXF: The SecurityTokenService accepts certain invalid SAML Tokens as valid", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-0034", }, { category: "external", summary: "RHBZ#1093529", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1093529", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-0034", url: "https://www.cve.org/CVERecord?id=CVE-2014-0034", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-0034", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-0034", }, ], release_date: "2014-05-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-10-01T18:10:39+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:1351", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "CXF: The SecurityTokenService accepts certain invalid SAML Tokens as valid", }, { cve: "CVE-2014-0035", cwe: { id: "CWE-522", name: "Insufficiently Protected Credentials", }, discovery_date: "2014-05-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1093530", }, ], notes: [ { category: "description", text: "It was discovered that UsernameTokens were sent in plain text by an Apache CXF client that used a Symmetric EncryptBeforeSigning password policy. A man-in-the-middle attacker could use this flaw to obtain the user name and password used by the client application using Apache CXF.", title: "Vulnerability description", }, { category: "summary", text: "CXF: UsernameTokens are sent in plaintext with a Symmetric EncryptBeforeSigning policy", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-0035", }, { category: "external", summary: "RHBZ#1093530", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1093530", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-0035", url: "https://www.cve.org/CVERecord?id=CVE-2014-0035", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-0035", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-0035", }, ], release_date: "2014-05-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-10-01T18:10:39+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:1351", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "CXF: UsernameTokens are sent in plaintext with a Symmetric EncryptBeforeSigning policy", }, { cve: "CVE-2014-0074", cwe: { id: "CWE-287", name: "Improper Authentication", }, discovery_date: "2014-03-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1072603", }, ], notes: [ { category: "description", text: "It was discovered that Apache Shiro authenticated users without specifying a user name or a password when used in conjunction with an LDAP back end that allowed unauthenticated binds.", title: "Vulnerability description", }, { category: "summary", text: "Shiro: successful authentication without specifying user name or password", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-0074", }, { category: "external", summary: "RHBZ#1072603", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1072603", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-0074", url: "https://www.cve.org/CVERecord?id=CVE-2014-0074", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-0074", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-0074", }, ], release_date: "2014-03-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-10-01T18:10:39+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:1351", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Shiro: successful authentication without specifying user name or password", }, { cve: "CVE-2014-0107", cwe: { id: "CWE-358", name: "Improperly Implemented Security Check for Standard", }, discovery_date: "2014-03-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1080248", }, ], notes: [ { category: "description", text: "It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations (XSLT) content to be processed by an application using Xalan-Java could use this flaw to bypass the intended constraints of the secure processing feature. Depending on the components available in the classpath, this could lead to arbitrary remote code execution in the context of the application server running the application that uses Xalan-Java.", title: "Vulnerability description", }, { category: "summary", text: "Xalan-Java: insufficient constraints in secure processing feature", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-0107", }, { category: "external", summary: "RHBZ#1080248", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1080248", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-0107", url: "https://www.cve.org/CVERecord?id=CVE-2014-0107", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-0107", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-0107", }, { category: "external", summary: "http://www.ocert.org/advisories/ocert-2014-002.html", url: "http://www.ocert.org/advisories/ocert-2014-002.html", }, ], release_date: "2014-03-24T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-10-01T18:10:39+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:1351", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Xalan-Java: insufficient constraints in secure processing feature", }, { cve: "CVE-2014-0109", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2014-05-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1093526", }, ], notes: [ { category: "description", text: "A denial of service flaw was found in the way Apache CXF created error messages for certain POST requests. A remote attacker could send a specially crafted request which, when processed by an application using Apache CXF, could consume an excessive amount of memory on the system, possibly triggering an Out Of Memory (OOM) error.", title: "Vulnerability description", }, { category: "summary", text: "CXF: HTML content posted to SOAP endpoint could cause OOM errors", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-0109", }, { category: "external", summary: "RHBZ#1093526", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1093526", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-0109", url: "https://www.cve.org/CVERecord?id=CVE-2014-0109", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-0109", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-0109", }, ], release_date: "2014-05-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-10-01T18:10:39+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:1351", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:S/C:N/I:N/A:P", version: "2.0", }, products: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "CXF: HTML content posted to SOAP endpoint could cause OOM errors", }, { cve: "CVE-2014-0110", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2014-05-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1093527", }, ], notes: [ { category: "description", text: "It was found that when a large invalid SOAP message was processed by Apache CXF, it could be saved to a temporary file in the /tmp directory. A remote attacker could send a specially crafted SOAP message that, when processed by an application using Apache CXF, would use an excessive amount of disk space, possibly causing a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "CXF: Large invalid content could cause temporary space to fill", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-0110", }, { category: "external", summary: "RHBZ#1093527", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1093527", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-0110", url: "https://www.cve.org/CVERecord?id=CVE-2014-0110", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-0110", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-0110", }, ], release_date: "2014-05-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-10-01T18:10:39+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:1351", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:S/C:N/I:N/A:P", version: "2.0", }, products: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "CXF: Large invalid content could cause temporary space to fill", }, { cve: "CVE-2014-0168", cwe: { id: "CWE-352", name: "Cross-Site Request Forgery (CSRF)", }, discovery_date: "2014-04-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1084838", }, ], notes: [ { category: "description", text: "It was found that Jolokia was vulnerable to Cross-Site Request Forgery (CSRF) attacks. A remote attacker could provide a specially crafted web page that, when visited by a user logged in to Jolokia, could allow the attacker to execute arbitrary methods on MBeans exposed via JMX.", title: "Vulnerability description", }, { category: "summary", text: "Jolokia: cross-site request forgery (CSRF)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-0168", }, { category: "external", summary: "RHBZ#1084838", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1084838", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-0168", url: "https://www.cve.org/CVERecord?id=CVE-2014-0168", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-0168", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-0168", }, ], release_date: "2014-04-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-10-01T18:10:39+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:1351", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Jolokia: cross-site request forgery (CSRF)", }, { acknowledgments: [ { names: [ "James Roper", ], organization: "Typesafe", }, ], cve: "CVE-2014-0193", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2014-04-28T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1092783", }, ], notes: [ { category: "description", text: "A flaw was found in the WebSocket08FrameDecoder implementation that could allow a remote attacker to trigger an Out Of Memory Exception by issuing a series of TextWebSocketFrame and ContinuationWebSocketFrames. Depending on the server configuration, this could lead to a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "netty: DoS via memory exhaustion during data aggregation", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-0193", }, { category: "external", summary: "RHBZ#1092783", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1092783", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-0193", url: "https://www.cve.org/CVERecord?id=CVE-2014-0193", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-0193", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-0193", }, ], release_date: "2014-05-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-10-01T18:10:39+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:1351", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "netty: DoS via memory exhaustion during data aggregation", }, { cve: "CVE-2014-0225", cwe: { id: "CWE-611", name: "Improper Restriction of XML External Entity Reference", }, discovery_date: "2014-06-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1110110", }, ], notes: [ { category: "description", text: "It was found that the Spring Framework did not, by default, disable the resolution of URI references in a DTD declaration when processing user-provided XML documents. By observing differences in response times, an attacker could identify valid IP addresses on the internal network with functioning web servers.", title: "Vulnerability description", }, { category: "summary", text: "Framework: Information disclosure via SSRF", title: "Vulnerability summary", }, { category: "other", text: "Red Hat OpenShift Enterprise 1.2 is now in Production 1 Phase of the support\nand maintenance life cycle. This has been rated as having Moderate security\nimpact and is not currently planned to be addressed in future updates. For\nadditional information, refer to the Red Hat OpenShift Enterprise Life Cycle:\nhttps://access.redhat.com/site/support/policy/updates/openshift.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-0225", }, { category: "external", summary: "RHBZ#1110110", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1110110", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-0225", url: "https://www.cve.org/CVERecord?id=CVE-2014-0225", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-0225", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-0225", }, ], release_date: "2014-05-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-10-01T18:10:39+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:1351", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Framework: Information disclosure via SSRF", }, ], }
RHSA-2014:1351
Vulnerability from csaf_redhat
Published
2014-10-01 18:10
Modified
2025-01-26 19:52
Summary
Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.1.0 security update
Notes
Topic
Red Hat JBoss Fuse and A-MQ 6.1.0 Rollup Patch 1, which addresses several
security issues, multiple bug fixes, and adds various enhancements, is now
available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
Details
Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint,
flexible, open source enterprise service bus and integration platform.
Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards compliant
messaging system that is tailored for use in mission critical applications.
This patch is an update to Red Hat JBoss Fuse 6.1.0 and Red Hat JBoss A-MQ
6.1.0. It includes bug fixes and enhancements, which are documented in the
readme.txt file included with the patch files. The following security
issues are addressed in this release:
It was discovered that Apache Shiro authenticated users without specifying
a user name or a password when used in conjunction with an LDAP back end
that allowed unauthenticated binds. (CVE-2014-0074)
It was found that the secure processing feature of Xalan-Java had
insufficient restrictions defined for certain properties and features.
A remote attacker able to provide Extensible Stylesheet Language
Transformations (XSLT) content to be processed by an application using
Xalan-Java could use this flaw to bypass the intended constraints of the
secure processing feature. Depending on the components available in the
classpath, this could lead to arbitrary remote code execution in the
context of the application server running the application that uses
Xalan-Java. (CVE-2014-0107)
It was found that the SecurityTokenService (STS), provided as a part of
Apache CXF, could under certain circumstances accept invalid SAML tokens as
valid. A remote attacker could use a specially crafted SAML token to gain
access to an application that uses STS for validation of SAML tokens.
(CVE-2014-0034)
A denial of service flaw was found in the way Apache CXF created error
messages for certain POST requests. A remote attacker could send a
specially crafted request which, when processed by an application using
Apache CXF, could consume an excessive amount of memory on the system,
possibly triggering an Out Of Memory (OOM) error. (CVE-2014-0109)
It was found that when a large invalid SOAP message was processed by Apache
CXF, it could be saved to a temporary file in the /tmp directory. A remote
attacker could send a specially crafted SOAP message that, when processed
by an application using Apache CXF, would use an excessive amount of disk
space, possibly causing a denial of service. (CVE-2014-0110)
It was found that Jolokia was vulnerable to Cross-Site Request Forgery
(CSRF) attacks. A remote attacker could provide a specially crafted web
page that, when visited by a user logged in to Jolokia, could allow the
attacker to execute arbitrary methods on MBeans exposed via JMX.
(CVE-2014-0168)
It was found that the Spring Framework did not, by default, disable the
resolution of URI references in a DTD declaration when processing
user-provided XML documents. By observing differences in response times, an
attacker could identify valid IP addresses on the internal network with
functioning web servers. (CVE-2014-0225)
It was discovered that UsernameTokens were sent in plain text by an Apache
CXF client that used a Symmetric EncryptBeforeSigning password policy.
A man-in-the-middle attacker could use this flaw to obtain the user name
and password used by the client application using Apache CXF.
(CVE-2014-0035)
A flaw was found in the WebSocket08FrameDecoder implementation that could
allow a remote attacker to trigger an Out Of Memory Exception by issuing a
series of TextWebSocketFrame and ContinuationWebSocketFrames. Depending on
the server configuration, this could lead to a denial of service.
(CVE-2014-0193)
Refer to the readme.txt file included with the patch files for
installation instructions.
Red Hat would like to thank James Roper of Typesafe for reporting the
CVE-2014-0193 issue.
All users of Red Hat JBoss Fuse 6.1.0 and Red Hat JBoss A-MQ 6.1.0 as
provided from the Red Hat Customer Portal are advised to apply this
security update.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat JBoss Fuse and A-MQ 6.1.0 Rollup Patch 1, which addresses several\nsecurity issues, multiple bug fixes, and adds various enhancements, is now\navailable from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint,\nflexible, open source enterprise service bus and integration platform.\nRed Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards compliant\nmessaging system that is tailored for use in mission critical applications.\n\nThis patch is an update to Red Hat JBoss Fuse 6.1.0 and Red Hat JBoss A-MQ\n6.1.0. It includes bug fixes and enhancements, which are documented in the\nreadme.txt file included with the patch files. The following security\nissues are addressed in this release:\n\nIt was discovered that Apache Shiro authenticated users without specifying\na user name or a password when used in conjunction with an LDAP back end\nthat allowed unauthenticated binds. (CVE-2014-0074)\n\nIt was found that the secure processing feature of Xalan-Java had\ninsufficient restrictions defined for certain properties and features.\nA remote attacker able to provide Extensible Stylesheet Language\nTransformations (XSLT) content to be processed by an application using\nXalan-Java could use this flaw to bypass the intended constraints of the\nsecure processing feature. Depending on the components available in the\nclasspath, this could lead to arbitrary remote code execution in the\ncontext of the application server running the application that uses\nXalan-Java. (CVE-2014-0107)\n\nIt was found that the SecurityTokenService (STS), provided as a part of\nApache CXF, could under certain circumstances accept invalid SAML tokens as\nvalid. A remote attacker could use a specially crafted SAML token to gain\naccess to an application that uses STS for validation of SAML tokens.\n(CVE-2014-0034)\n\nA denial of service flaw was found in the way Apache CXF created error\nmessages for certain POST requests. A remote attacker could send a\nspecially crafted request which, when processed by an application using\nApache CXF, could consume an excessive amount of memory on the system,\npossibly triggering an Out Of Memory (OOM) error. (CVE-2014-0109)\n\nIt was found that when a large invalid SOAP message was processed by Apache\nCXF, it could be saved to a temporary file in the /tmp directory. A remote\nattacker could send a specially crafted SOAP message that, when processed\nby an application using Apache CXF, would use an excessive amount of disk\nspace, possibly causing a denial of service. (CVE-2014-0110)\n\nIt was found that Jolokia was vulnerable to Cross-Site Request Forgery\n(CSRF) attacks. A remote attacker could provide a specially crafted web\npage that, when visited by a user logged in to Jolokia, could allow the\nattacker to execute arbitrary methods on MBeans exposed via JMX.\n(CVE-2014-0168)\n\nIt was found that the Spring Framework did not, by default, disable the\nresolution of URI references in a DTD declaration when processing\nuser-provided XML documents. By observing differences in response times, an\nattacker could identify valid IP addresses on the internal network with\nfunctioning web servers. (CVE-2014-0225)\n\nIt was discovered that UsernameTokens were sent in plain text by an Apache\nCXF client that used a Symmetric EncryptBeforeSigning password policy.\nA man-in-the-middle attacker could use this flaw to obtain the user name\nand password used by the client application using Apache CXF.\n(CVE-2014-0035)\n\nA flaw was found in the WebSocket08FrameDecoder implementation that could\nallow a remote attacker to trigger an Out Of Memory Exception by issuing a\nseries of TextWebSocketFrame and ContinuationWebSocketFrames. Depending on\nthe server configuration, this could lead to a denial of service.\n(CVE-2014-0193)\n\nRefer to the readme.txt file included with the patch files for\ninstallation instructions.\n\nRed Hat would like to thank James Roper of Typesafe for reporting the\nCVE-2014-0193 issue.\n\nAll users of Red Hat JBoss Fuse 6.1.0 and Red Hat JBoss A-MQ 6.1.0 as\nprovided from the Red Hat Customer Portal are advised to apply this\nsecurity update.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2014:1351", url: "https://access.redhat.com/errata/RHSA-2014:1351", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse&downloadType=securityPatches&version=6.1.0", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse&downloadType=securityPatches&version=6.1.0", }, { category: "external", summary: "1072603", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1072603", }, { category: "external", summary: "1080248", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1080248", }, { category: "external", summary: "1084838", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1084838", }, { category: "external", summary: "1092783", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1092783", }, { category: "external", summary: "1093526", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1093526", }, { category: "external", summary: "1093527", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1093527", }, { category: "external", summary: "1093529", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1093529", }, { category: "external", summary: "1093530", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1093530", }, { category: "external", summary: "1110110", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1110110", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_1351.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.1.0 security update", tracking: { current_release_date: "2025-01-26T19:52:59+00:00", generator: { date: "2025-01-26T19:52:59+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.6", }, }, id: "RHSA-2014:1351", initial_release_date: "2014-10-01T18:10:39+00:00", revision_history: [ { date: "2014-10-01T18:10:39+00:00", number: "1", summary: "Initial version", }, { date: "2019-02-20T12:33:57+00:00", number: "2", summary: "Last updated version", }, { date: "2025-01-26T19:52:59+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss A-MQ 6.1", product: { name: "Red Hat JBoss A-MQ 6.1", product_id: "Red Hat JBoss A-MQ 6.1", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_amq:6.1.0", }, }, }, { category: "product_name", name: "Red Hat JBoss Fuse 6.1", product: { name: "Red Hat JBoss Fuse 6.1", product_id: "Red Hat JBoss Fuse 6.1", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_fuse:6.1.0", }, }, }, ], category: "product_family", name: "Red Hat JBoss Fuse", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2014-0034", cwe: { id: "CWE-345", name: "Insufficient Verification of Data Authenticity", }, discovery_date: "2014-05-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1093529", }, ], notes: [ { category: "description", text: "It was found that the SecurityTokenService (STS), provided as a part of Apache CXF, could under certain circumstances accept invalid SAML tokens as valid. A remote attacker could use a specially crafted SAML token to gain access to an application that uses STS for validation of SAML tokens.", title: "Vulnerability description", }, { category: "summary", text: "CXF: The SecurityTokenService accepts certain invalid SAML Tokens as valid", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-0034", }, { category: "external", summary: "RHBZ#1093529", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1093529", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-0034", url: "https://www.cve.org/CVERecord?id=CVE-2014-0034", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-0034", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-0034", }, ], release_date: "2014-05-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-10-01T18:10:39+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:1351", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "CXF: The SecurityTokenService accepts certain invalid SAML Tokens as valid", }, { cve: "CVE-2014-0035", cwe: { id: "CWE-522", name: "Insufficiently Protected Credentials", }, discovery_date: "2014-05-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1093530", }, ], notes: [ { category: "description", text: "It was discovered that UsernameTokens were sent in plain text by an Apache CXF client that used a Symmetric EncryptBeforeSigning password policy. A man-in-the-middle attacker could use this flaw to obtain the user name and password used by the client application using Apache CXF.", title: "Vulnerability description", }, { category: "summary", text: "CXF: UsernameTokens are sent in plaintext with a Symmetric EncryptBeforeSigning policy", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-0035", }, { category: "external", summary: "RHBZ#1093530", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1093530", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-0035", url: "https://www.cve.org/CVERecord?id=CVE-2014-0035", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-0035", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-0035", }, ], release_date: "2014-05-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-10-01T18:10:39+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:1351", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "CXF: UsernameTokens are sent in plaintext with a Symmetric EncryptBeforeSigning policy", }, { cve: "CVE-2014-0074", cwe: { id: "CWE-287", name: "Improper Authentication", }, discovery_date: "2014-03-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1072603", }, ], notes: [ { category: "description", text: "It was discovered that Apache Shiro authenticated users without specifying a user name or a password when used in conjunction with an LDAP back end that allowed unauthenticated binds.", title: "Vulnerability description", }, { category: "summary", text: "Shiro: successful authentication without specifying user name or password", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-0074", }, { category: "external", summary: "RHBZ#1072603", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1072603", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-0074", url: "https://www.cve.org/CVERecord?id=CVE-2014-0074", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-0074", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-0074", }, ], release_date: "2014-03-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-10-01T18:10:39+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:1351", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Shiro: successful authentication without specifying user name or password", }, { cve: "CVE-2014-0107", cwe: { id: "CWE-358", name: "Improperly Implemented Security Check for Standard", }, discovery_date: "2014-03-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1080248", }, ], notes: [ { category: "description", text: "It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations (XSLT) content to be processed by an application using Xalan-Java could use this flaw to bypass the intended constraints of the secure processing feature. Depending on the components available in the classpath, this could lead to arbitrary remote code execution in the context of the application server running the application that uses Xalan-Java.", title: "Vulnerability description", }, { category: "summary", text: "Xalan-Java: insufficient constraints in secure processing feature", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-0107", }, { category: "external", summary: "RHBZ#1080248", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1080248", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-0107", url: "https://www.cve.org/CVERecord?id=CVE-2014-0107", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-0107", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-0107", }, { category: "external", summary: "http://www.ocert.org/advisories/ocert-2014-002.html", url: "http://www.ocert.org/advisories/ocert-2014-002.html", }, ], release_date: "2014-03-24T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-10-01T18:10:39+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:1351", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Xalan-Java: insufficient constraints in secure processing feature", }, { cve: "CVE-2014-0109", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2014-05-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1093526", }, ], notes: [ { category: "description", text: "A denial of service flaw was found in the way Apache CXF created error messages for certain POST requests. A remote attacker could send a specially crafted request which, when processed by an application using Apache CXF, could consume an excessive amount of memory on the system, possibly triggering an Out Of Memory (OOM) error.", title: "Vulnerability description", }, { category: "summary", text: "CXF: HTML content posted to SOAP endpoint could cause OOM errors", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-0109", }, { category: "external", summary: "RHBZ#1093526", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1093526", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-0109", url: "https://www.cve.org/CVERecord?id=CVE-2014-0109", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-0109", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-0109", }, ], release_date: "2014-05-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-10-01T18:10:39+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:1351", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:S/C:N/I:N/A:P", version: "2.0", }, products: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "CXF: HTML content posted to SOAP endpoint could cause OOM errors", }, { cve: "CVE-2014-0110", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2014-05-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1093527", }, ], notes: [ { category: "description", text: "It was found that when a large invalid SOAP message was processed by Apache CXF, it could be saved to a temporary file in the /tmp directory. A remote attacker could send a specially crafted SOAP message that, when processed by an application using Apache CXF, would use an excessive amount of disk space, possibly causing a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "CXF: Large invalid content could cause temporary space to fill", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-0110", }, { category: "external", summary: "RHBZ#1093527", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1093527", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-0110", url: "https://www.cve.org/CVERecord?id=CVE-2014-0110", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-0110", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-0110", }, ], release_date: "2014-05-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-10-01T18:10:39+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:1351", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:S/C:N/I:N/A:P", version: "2.0", }, products: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "CXF: Large invalid content could cause temporary space to fill", }, { cve: "CVE-2014-0168", cwe: { id: "CWE-352", name: "Cross-Site Request Forgery (CSRF)", }, discovery_date: "2014-04-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1084838", }, ], notes: [ { category: "description", text: "It was found that Jolokia was vulnerable to Cross-Site Request Forgery (CSRF) attacks. A remote attacker could provide a specially crafted web page that, when visited by a user logged in to Jolokia, could allow the attacker to execute arbitrary methods on MBeans exposed via JMX.", title: "Vulnerability description", }, { category: "summary", text: "Jolokia: cross-site request forgery (CSRF)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-0168", }, { category: "external", summary: "RHBZ#1084838", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1084838", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-0168", url: "https://www.cve.org/CVERecord?id=CVE-2014-0168", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-0168", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-0168", }, ], release_date: "2014-04-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-10-01T18:10:39+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:1351", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Jolokia: cross-site request forgery (CSRF)", }, { acknowledgments: [ { names: [ "James Roper", ], organization: "Typesafe", }, ], cve: "CVE-2014-0193", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2014-04-28T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1092783", }, ], notes: [ { category: "description", text: "A flaw was found in the WebSocket08FrameDecoder implementation that could allow a remote attacker to trigger an Out Of Memory Exception by issuing a series of TextWebSocketFrame and ContinuationWebSocketFrames. Depending on the server configuration, this could lead to a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "netty: DoS via memory exhaustion during data aggregation", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-0193", }, { category: "external", summary: "RHBZ#1092783", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1092783", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-0193", url: "https://www.cve.org/CVERecord?id=CVE-2014-0193", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-0193", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-0193", }, ], release_date: "2014-05-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-10-01T18:10:39+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:1351", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "netty: DoS via memory exhaustion during data aggregation", }, { cve: "CVE-2014-0225", cwe: { id: "CWE-611", name: "Improper Restriction of XML External Entity Reference", }, discovery_date: "2014-06-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1110110", }, ], notes: [ { category: "description", text: "It was found that the Spring Framework did not, by default, disable the resolution of URI references in a DTD declaration when processing user-provided XML documents. By observing differences in response times, an attacker could identify valid IP addresses on the internal network with functioning web servers.", title: "Vulnerability description", }, { category: "summary", text: "Framework: Information disclosure via SSRF", title: "Vulnerability summary", }, { category: "other", text: "Red Hat OpenShift Enterprise 1.2 is now in Production 1 Phase of the support\nand maintenance life cycle. This has been rated as having Moderate security\nimpact and is not currently planned to be addressed in future updates. For\nadditional information, refer to the Red Hat OpenShift Enterprise Life Cycle:\nhttps://access.redhat.com/site/support/policy/updates/openshift.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-0225", }, { category: "external", summary: "RHBZ#1110110", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1110110", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-0225", url: "https://www.cve.org/CVERecord?id=CVE-2014-0225", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-0225", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-0225", }, ], release_date: "2014-05-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-10-01T18:10:39+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:1351", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Framework: Information disclosure via SSRF", }, ], }
rhsa-2014:1351
Vulnerability from csaf_redhat
Published
2014-10-01 18:10
Modified
2025-01-26 19:52
Summary
Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.1.0 security update
Notes
Topic
Red Hat JBoss Fuse and A-MQ 6.1.0 Rollup Patch 1, which addresses several
security issues, multiple bug fixes, and adds various enhancements, is now
available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
Details
Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint,
flexible, open source enterprise service bus and integration platform.
Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards compliant
messaging system that is tailored for use in mission critical applications.
This patch is an update to Red Hat JBoss Fuse 6.1.0 and Red Hat JBoss A-MQ
6.1.0. It includes bug fixes and enhancements, which are documented in the
readme.txt file included with the patch files. The following security
issues are addressed in this release:
It was discovered that Apache Shiro authenticated users without specifying
a user name or a password when used in conjunction with an LDAP back end
that allowed unauthenticated binds. (CVE-2014-0074)
It was found that the secure processing feature of Xalan-Java had
insufficient restrictions defined for certain properties and features.
A remote attacker able to provide Extensible Stylesheet Language
Transformations (XSLT) content to be processed by an application using
Xalan-Java could use this flaw to bypass the intended constraints of the
secure processing feature. Depending on the components available in the
classpath, this could lead to arbitrary remote code execution in the
context of the application server running the application that uses
Xalan-Java. (CVE-2014-0107)
It was found that the SecurityTokenService (STS), provided as a part of
Apache CXF, could under certain circumstances accept invalid SAML tokens as
valid. A remote attacker could use a specially crafted SAML token to gain
access to an application that uses STS for validation of SAML tokens.
(CVE-2014-0034)
A denial of service flaw was found in the way Apache CXF created error
messages for certain POST requests. A remote attacker could send a
specially crafted request which, when processed by an application using
Apache CXF, could consume an excessive amount of memory on the system,
possibly triggering an Out Of Memory (OOM) error. (CVE-2014-0109)
It was found that when a large invalid SOAP message was processed by Apache
CXF, it could be saved to a temporary file in the /tmp directory. A remote
attacker could send a specially crafted SOAP message that, when processed
by an application using Apache CXF, would use an excessive amount of disk
space, possibly causing a denial of service. (CVE-2014-0110)
It was found that Jolokia was vulnerable to Cross-Site Request Forgery
(CSRF) attacks. A remote attacker could provide a specially crafted web
page that, when visited by a user logged in to Jolokia, could allow the
attacker to execute arbitrary methods on MBeans exposed via JMX.
(CVE-2014-0168)
It was found that the Spring Framework did not, by default, disable the
resolution of URI references in a DTD declaration when processing
user-provided XML documents. By observing differences in response times, an
attacker could identify valid IP addresses on the internal network with
functioning web servers. (CVE-2014-0225)
It was discovered that UsernameTokens were sent in plain text by an Apache
CXF client that used a Symmetric EncryptBeforeSigning password policy.
A man-in-the-middle attacker could use this flaw to obtain the user name
and password used by the client application using Apache CXF.
(CVE-2014-0035)
A flaw was found in the WebSocket08FrameDecoder implementation that could
allow a remote attacker to trigger an Out Of Memory Exception by issuing a
series of TextWebSocketFrame and ContinuationWebSocketFrames. Depending on
the server configuration, this could lead to a denial of service.
(CVE-2014-0193)
Refer to the readme.txt file included with the patch files for
installation instructions.
Red Hat would like to thank James Roper of Typesafe for reporting the
CVE-2014-0193 issue.
All users of Red Hat JBoss Fuse 6.1.0 and Red Hat JBoss A-MQ 6.1.0 as
provided from the Red Hat Customer Portal are advised to apply this
security update.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat JBoss Fuse and A-MQ 6.1.0 Rollup Patch 1, which addresses several\nsecurity issues, multiple bug fixes, and adds various enhancements, is now\navailable from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint,\nflexible, open source enterprise service bus and integration platform.\nRed Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards compliant\nmessaging system that is tailored for use in mission critical applications.\n\nThis patch is an update to Red Hat JBoss Fuse 6.1.0 and Red Hat JBoss A-MQ\n6.1.0. It includes bug fixes and enhancements, which are documented in the\nreadme.txt file included with the patch files. The following security\nissues are addressed in this release:\n\nIt was discovered that Apache Shiro authenticated users without specifying\na user name or a password when used in conjunction with an LDAP back end\nthat allowed unauthenticated binds. (CVE-2014-0074)\n\nIt was found that the secure processing feature of Xalan-Java had\ninsufficient restrictions defined for certain properties and features.\nA remote attacker able to provide Extensible Stylesheet Language\nTransformations (XSLT) content to be processed by an application using\nXalan-Java could use this flaw to bypass the intended constraints of the\nsecure processing feature. Depending on the components available in the\nclasspath, this could lead to arbitrary remote code execution in the\ncontext of the application server running the application that uses\nXalan-Java. (CVE-2014-0107)\n\nIt was found that the SecurityTokenService (STS), provided as a part of\nApache CXF, could under certain circumstances accept invalid SAML tokens as\nvalid. A remote attacker could use a specially crafted SAML token to gain\naccess to an application that uses STS for validation of SAML tokens.\n(CVE-2014-0034)\n\nA denial of service flaw was found in the way Apache CXF created error\nmessages for certain POST requests. A remote attacker could send a\nspecially crafted request which, when processed by an application using\nApache CXF, could consume an excessive amount of memory on the system,\npossibly triggering an Out Of Memory (OOM) error. (CVE-2014-0109)\n\nIt was found that when a large invalid SOAP message was processed by Apache\nCXF, it could be saved to a temporary file in the /tmp directory. A remote\nattacker could send a specially crafted SOAP message that, when processed\nby an application using Apache CXF, would use an excessive amount of disk\nspace, possibly causing a denial of service. (CVE-2014-0110)\n\nIt was found that Jolokia was vulnerable to Cross-Site Request Forgery\n(CSRF) attacks. A remote attacker could provide a specially crafted web\npage that, when visited by a user logged in to Jolokia, could allow the\nattacker to execute arbitrary methods on MBeans exposed via JMX.\n(CVE-2014-0168)\n\nIt was found that the Spring Framework did not, by default, disable the\nresolution of URI references in a DTD declaration when processing\nuser-provided XML documents. By observing differences in response times, an\nattacker could identify valid IP addresses on the internal network with\nfunctioning web servers. (CVE-2014-0225)\n\nIt was discovered that UsernameTokens were sent in plain text by an Apache\nCXF client that used a Symmetric EncryptBeforeSigning password policy.\nA man-in-the-middle attacker could use this flaw to obtain the user name\nand password used by the client application using Apache CXF.\n(CVE-2014-0035)\n\nA flaw was found in the WebSocket08FrameDecoder implementation that could\nallow a remote attacker to trigger an Out Of Memory Exception by issuing a\nseries of TextWebSocketFrame and ContinuationWebSocketFrames. Depending on\nthe server configuration, this could lead to a denial of service.\n(CVE-2014-0193)\n\nRefer to the readme.txt file included with the patch files for\ninstallation instructions.\n\nRed Hat would like to thank James Roper of Typesafe for reporting the\nCVE-2014-0193 issue.\n\nAll users of Red Hat JBoss Fuse 6.1.0 and Red Hat JBoss A-MQ 6.1.0 as\nprovided from the Red Hat Customer Portal are advised to apply this\nsecurity update.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2014:1351", url: "https://access.redhat.com/errata/RHSA-2014:1351", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse&downloadType=securityPatches&version=6.1.0", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse&downloadType=securityPatches&version=6.1.0", }, { category: "external", summary: "1072603", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1072603", }, { category: "external", summary: "1080248", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1080248", }, { category: "external", summary: "1084838", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1084838", }, { category: "external", summary: "1092783", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1092783", }, { category: "external", summary: "1093526", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1093526", }, { category: "external", summary: "1093527", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1093527", }, { category: "external", summary: "1093529", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1093529", }, { category: "external", summary: "1093530", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1093530", }, { category: "external", summary: "1110110", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1110110", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_1351.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.1.0 security update", tracking: { current_release_date: "2025-01-26T19:52:59+00:00", generator: { date: "2025-01-26T19:52:59+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.6", }, }, id: "RHSA-2014:1351", initial_release_date: "2014-10-01T18:10:39+00:00", revision_history: [ { date: "2014-10-01T18:10:39+00:00", number: "1", summary: "Initial version", }, { date: "2019-02-20T12:33:57+00:00", number: "2", summary: "Last updated version", }, { date: "2025-01-26T19:52:59+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss A-MQ 6.1", product: { name: "Red Hat JBoss A-MQ 6.1", product_id: "Red Hat JBoss A-MQ 6.1", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_amq:6.1.0", }, }, }, { category: "product_name", name: "Red Hat JBoss Fuse 6.1", product: { name: "Red Hat JBoss Fuse 6.1", product_id: "Red Hat JBoss Fuse 6.1", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_fuse:6.1.0", }, }, }, ], category: "product_family", name: "Red Hat JBoss Fuse", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2014-0034", cwe: { id: "CWE-345", name: "Insufficient Verification of Data Authenticity", }, discovery_date: "2014-05-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1093529", }, ], notes: [ { category: "description", text: "It was found that the SecurityTokenService (STS), provided as a part of Apache CXF, could under certain circumstances accept invalid SAML tokens as valid. A remote attacker could use a specially crafted SAML token to gain access to an application that uses STS for validation of SAML tokens.", title: "Vulnerability description", }, { category: "summary", text: "CXF: The SecurityTokenService accepts certain invalid SAML Tokens as valid", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-0034", }, { category: "external", summary: "RHBZ#1093529", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1093529", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-0034", url: "https://www.cve.org/CVERecord?id=CVE-2014-0034", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-0034", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-0034", }, ], release_date: "2014-05-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-10-01T18:10:39+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:1351", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "CXF: The SecurityTokenService accepts certain invalid SAML Tokens as valid", }, { cve: "CVE-2014-0035", cwe: { id: "CWE-522", name: "Insufficiently Protected Credentials", }, discovery_date: "2014-05-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1093530", }, ], notes: [ { category: "description", text: "It was discovered that UsernameTokens were sent in plain text by an Apache CXF client that used a Symmetric EncryptBeforeSigning password policy. A man-in-the-middle attacker could use this flaw to obtain the user name and password used by the client application using Apache CXF.", title: "Vulnerability description", }, { category: "summary", text: "CXF: UsernameTokens are sent in plaintext with a Symmetric EncryptBeforeSigning policy", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-0035", }, { category: "external", summary: "RHBZ#1093530", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1093530", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-0035", url: "https://www.cve.org/CVERecord?id=CVE-2014-0035", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-0035", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-0035", }, ], release_date: "2014-05-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-10-01T18:10:39+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:1351", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "CXF: UsernameTokens are sent in plaintext with a Symmetric EncryptBeforeSigning policy", }, { cve: "CVE-2014-0074", cwe: { id: "CWE-287", name: "Improper Authentication", }, discovery_date: "2014-03-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1072603", }, ], notes: [ { category: "description", text: "It was discovered that Apache Shiro authenticated users without specifying a user name or a password when used in conjunction with an LDAP back end that allowed unauthenticated binds.", title: "Vulnerability description", }, { category: "summary", text: "Shiro: successful authentication without specifying user name or password", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-0074", }, { category: "external", summary: "RHBZ#1072603", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1072603", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-0074", url: "https://www.cve.org/CVERecord?id=CVE-2014-0074", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-0074", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-0074", }, ], release_date: "2014-03-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-10-01T18:10:39+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:1351", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Shiro: successful authentication without specifying user name or password", }, { cve: "CVE-2014-0107", cwe: { id: "CWE-358", name: "Improperly Implemented Security Check for Standard", }, discovery_date: "2014-03-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1080248", }, ], notes: [ { category: "description", text: "It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations (XSLT) content to be processed by an application using Xalan-Java could use this flaw to bypass the intended constraints of the secure processing feature. Depending on the components available in the classpath, this could lead to arbitrary remote code execution in the context of the application server running the application that uses Xalan-Java.", title: "Vulnerability description", }, { category: "summary", text: "Xalan-Java: insufficient constraints in secure processing feature", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-0107", }, { category: "external", summary: "RHBZ#1080248", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1080248", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-0107", url: "https://www.cve.org/CVERecord?id=CVE-2014-0107", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-0107", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-0107", }, { category: "external", summary: "http://www.ocert.org/advisories/ocert-2014-002.html", url: "http://www.ocert.org/advisories/ocert-2014-002.html", }, ], release_date: "2014-03-24T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-10-01T18:10:39+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:1351", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Xalan-Java: insufficient constraints in secure processing feature", }, { cve: "CVE-2014-0109", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2014-05-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1093526", }, ], notes: [ { category: "description", text: "A denial of service flaw was found in the way Apache CXF created error messages for certain POST requests. A remote attacker could send a specially crafted request which, when processed by an application using Apache CXF, could consume an excessive amount of memory on the system, possibly triggering an Out Of Memory (OOM) error.", title: "Vulnerability description", }, { category: "summary", text: "CXF: HTML content posted to SOAP endpoint could cause OOM errors", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-0109", }, { category: "external", summary: "RHBZ#1093526", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1093526", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-0109", url: "https://www.cve.org/CVERecord?id=CVE-2014-0109", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-0109", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-0109", }, ], release_date: "2014-05-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-10-01T18:10:39+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:1351", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:S/C:N/I:N/A:P", version: "2.0", }, products: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "CXF: HTML content posted to SOAP endpoint could cause OOM errors", }, { cve: "CVE-2014-0110", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2014-05-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1093527", }, ], notes: [ { category: "description", text: "It was found that when a large invalid SOAP message was processed by Apache CXF, it could be saved to a temporary file in the /tmp directory. A remote attacker could send a specially crafted SOAP message that, when processed by an application using Apache CXF, would use an excessive amount of disk space, possibly causing a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "CXF: Large invalid content could cause temporary space to fill", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-0110", }, { category: "external", summary: "RHBZ#1093527", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1093527", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-0110", url: "https://www.cve.org/CVERecord?id=CVE-2014-0110", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-0110", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-0110", }, ], release_date: "2014-05-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-10-01T18:10:39+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:1351", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:S/C:N/I:N/A:P", version: "2.0", }, products: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "CXF: Large invalid content could cause temporary space to fill", }, { cve: "CVE-2014-0168", cwe: { id: "CWE-352", name: "Cross-Site Request Forgery (CSRF)", }, discovery_date: "2014-04-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1084838", }, ], notes: [ { category: "description", text: "It was found that Jolokia was vulnerable to Cross-Site Request Forgery (CSRF) attacks. A remote attacker could provide a specially crafted web page that, when visited by a user logged in to Jolokia, could allow the attacker to execute arbitrary methods on MBeans exposed via JMX.", title: "Vulnerability description", }, { category: "summary", text: "Jolokia: cross-site request forgery (CSRF)", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-0168", }, { category: "external", summary: "RHBZ#1084838", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1084838", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-0168", url: "https://www.cve.org/CVERecord?id=CVE-2014-0168", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-0168", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-0168", }, ], release_date: "2014-04-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-10-01T18:10:39+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:1351", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Jolokia: cross-site request forgery (CSRF)", }, { acknowledgments: [ { names: [ "James Roper", ], organization: "Typesafe", }, ], cve: "CVE-2014-0193", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2014-04-28T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1092783", }, ], notes: [ { category: "description", text: "A flaw was found in the WebSocket08FrameDecoder implementation that could allow a remote attacker to trigger an Out Of Memory Exception by issuing a series of TextWebSocketFrame and ContinuationWebSocketFrames. Depending on the server configuration, this could lead to a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "netty: DoS via memory exhaustion during data aggregation", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-0193", }, { category: "external", summary: "RHBZ#1092783", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1092783", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-0193", url: "https://www.cve.org/CVERecord?id=CVE-2014-0193", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-0193", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-0193", }, ], release_date: "2014-05-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-10-01T18:10:39+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:1351", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "netty: DoS via memory exhaustion during data aggregation", }, { cve: "CVE-2014-0225", cwe: { id: "CWE-611", name: "Improper Restriction of XML External Entity Reference", }, discovery_date: "2014-06-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1110110", }, ], notes: [ { category: "description", text: "It was found that the Spring Framework did not, by default, disable the resolution of URI references in a DTD declaration when processing user-provided XML documents. By observing differences in response times, an attacker could identify valid IP addresses on the internal network with functioning web servers.", title: "Vulnerability description", }, { category: "summary", text: "Framework: Information disclosure via SSRF", title: "Vulnerability summary", }, { category: "other", text: "Red Hat OpenShift Enterprise 1.2 is now in Production 1 Phase of the support\nand maintenance life cycle. This has been rated as having Moderate security\nimpact and is not currently planned to be addressed in future updates. For\nadditional information, refer to the Red Hat OpenShift Enterprise Life Cycle:\nhttps://access.redhat.com/site/support/policy/updates/openshift.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2014-0225", }, { category: "external", summary: "RHBZ#1110110", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1110110", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2014-0225", url: "https://www.cve.org/CVERecord?id=CVE-2014-0225", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2014-0225", url: "https://nvd.nist.gov/vuln/detail/CVE-2014-0225", }, ], release_date: "2014-05-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2014-10-01T18:10:39+00:00", details: "The References section of this erratum contains a download link (you must\nlog in to download the update).", product_ids: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2014:1351", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "Red Hat JBoss A-MQ 6.1", "Red Hat JBoss Fuse 6.1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Framework: Information disclosure via SSRF", }, ], }
fkie_cve-2014-0225
Vulnerability from fkie_nvd
Published
2017-05-25 17:29
Modified
2024-11-21 02:01
Severity ?
Summary
When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | https://pivotal.io/security/cve-2014-0225 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pivotal.io/security/cve-2014-0225 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:pivotal_software:spring_framework:3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "C4552840-9F26-478E-8875-5B2809C7FD69", vulnerable: true, }, { criteria: "cpe:2.3:a:pivotal_software:spring_framework:3.1.0:*:*:*:*:*:*:*", matchCriteriaId: "4A6266B7-5676-4786-9A5C-1E31D21DC76D", vulnerable: true, }, { criteria: "cpe:2.3:a:pivotal_software:spring_framework:3.2.0:*:*:*:*:*:*:*", matchCriteriaId: "E02D9007-1215-4FD1-822A-BA95748E75D8", vulnerable: true, }, { criteria: "cpe:2.3:a:pivotal_software:spring_framework:4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "1C04E981-6FF9-4842-912B-EB5D3E9E7A68", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:spring_framework:3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "B5CBB128-9F47-45ED-8A4A-62C6439D01DC", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:spring_framework:3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "0915A639-5F69-4054-A01D-D6E9B9DAF277", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:spring_framework:3.0.3:*:*:*:*:*:*:*", matchCriteriaId: "3812C2F2-E861-4038-9D80-4C2EB311AA90", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:spring_framework:3.0.4:*:*:*:*:*:*:*", matchCriteriaId: "99B37852-F488-4FA1-894B-A5B390567CF8", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:spring_framework:3.0.5:*:*:*:*:*:*:*", matchCriteriaId: "8AE8E872-CC85-44A9-A3FC-EEDCDE4E2DCC", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:spring_framework:3.0.6:*:*:*:*:*:*:*", matchCriteriaId: "B9D5172D-5E19-40C1-8C1B-CC22706E780D", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:spring_framework:3.0.7:*:*:*:*:*:*:*", matchCriteriaId: "46E410D2-DA53-4806-B296-451C3D9CDEEA", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:spring_framework:3.1.0:rc1:*:*:*:*:*:*", matchCriteriaId: "753C95ED-5162-4156-B8A1-011A1DAADAD9", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:spring_framework:3.1.0:rc2:*:*:*:*:*:*", matchCriteriaId: "1996FA84-C504-4010-9984-B563514F1AB9", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:spring_framework:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "B61F3E25-A415-4A25-91D6-4FBA6F575AAB", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:spring_framework:3.1.2:*:*:*:*:*:*:*", matchCriteriaId: "8A2C4C81-2E79-411C-AEB8-A5E40FC28D31", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:spring_framework:3.1.3:*:*:*:*:*:*:*", matchCriteriaId: "010915FE-3BCE-4652-8D8B-47EE085F3BEE", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:spring_framework:3.1.4:*:*:*:*:*:*:*", matchCriteriaId: "D16C8EFA-F1E4-48C3-BC86-A132873426C4", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:spring_framework:3.2.0:rc1:*:*:*:*:*:*", matchCriteriaId: "F2260DAE-0090-4624-A6BF-1F9406659C0A", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:spring_framework:3.2.0:rc2:*:*:*:*:*:*", matchCriteriaId: "D57791EA-3A91-4BEE-AF1F-B64D0FC47723", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:spring_framework:3.2.0:rc2-a:*:*:*:*:*:*", matchCriteriaId: "DA88332D-07C0-4C95-BC27-75536F09613B", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:spring_framework:3.2.1:*:*:*:*:*:*:*", matchCriteriaId: "D2E2EA60-735E-431E-BEFE-DC5C1046E532", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:spring_framework:3.2.2:*:*:*:*:*:*:*", matchCriteriaId: "DFD1FA92-7BFC-4874-89FC-BE0F378F0DB3", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:spring_framework:3.2.3:*:*:*:*:*:*:*", matchCriteriaId: "7CC0E26F-2E8B-4B30-8C43-8BD2015EBB88", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:spring_framework:3.2.4:*:*:*:*:*:*:*", matchCriteriaId: "3CB73406-5FE4-438E-BCB7-57FBF6EC38D0", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:spring_framework:3.2.5:*:*:*:*:*:*:*", matchCriteriaId: "B76F06BC-F53E-4E37-B84F-3E992D459A49", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:spring_framework:3.2.6:*:*:*:*:*:*:*", matchCriteriaId: "DD8CC0CF-61DE-4E3A-80DD-4AD34EBDF419", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:spring_framework:3.2.7:*:*:*:*:*:*:*", matchCriteriaId: "09D49870-9E17-4049-9ABB-311C319A0E8F", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:spring_framework:3.2.8:*:*:*:*:*:*:*", matchCriteriaId: "EB9CE889-FBC5-4078-ABAC-8BC6CA235D04", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:spring_framework:4.0.0:rc1:*:*:*:*:*:*", matchCriteriaId: "4A94E509-0E06-4FD0-BA61-292515031BAD", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:spring_framework:4.0.0:rc2:*:*:*:*:*:*", matchCriteriaId: "B5CF3CDB-339A-46A5-BCFE-4DF4120EAD3E", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:spring_framework:4.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A0A0C100-FAD1-4004-AA42-AE508F4D540E", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:spring_framework:4.0.2:*:*:*:*:*:*:*", matchCriteriaId: "BE8D78C3-5C4D-4FAD-BC0F-1AD8C55D88F2", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:spring_framework:4.0.3:*:*:*:*:*:*:*", matchCriteriaId: "BDB13067-D890-414E-B7CD-A3C11A1DBC9F", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:spring_framework:4.0.4:*:*:*:*:*:*:*", matchCriteriaId: "0AA135B9-819D-4FAF-8F98-EA4549575327", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack.", }, { lang: "es", value: "Al procesar un documento XML proporcionado por el usuario, el Framework Spring, versiones de la 4.0.0 a la 4.0.4 y de la 3.0.0 a la 3.2.8 y otras versiones anteriores ya no soportadas, no desactiva por defecto la resolución de las referencias URI en una declaración DTD, lo que habilita ataques de tipo XXE.", }, ], id: "CVE-2014-0225", lastModified: "2024-11-21T02:01:41.860", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-05-25T17:29:00.207", references: [ { source: "security_alert@emc.com", tags: [ "Vendor Advisory", ], url: "https://pivotal.io/security/cve-2014-0225", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://pivotal.io/security/cve-2014-0225", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-611", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.