The org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method in PicketLink, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 5.2.0 and 6.2.4, expands entity references, which allows remote attackers to read arbitrary code and possibly have other unspecified impact via unspecified vectors, related to an XML External Entity (XXE) issue.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2014-07-22T20:00:00

Updated: 2024-08-06T10:50:16.323Z

Reserved: 2014-05-14T00:00:00

Link: CVE-2014-3530

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2014-07-22T20:55:01.890

Modified: 2024-11-21T02:08:18.727

Link: CVE-2014-3530

cve-icon Redhat

Severity : Important

Publid Date: 2014-07-15T00:00:00Z

Links: CVE-2014-3530 - Bugzilla