CVE-2014-3481

Name of the Vulnerable Software and Affected Versions Red Hat JBoss Enterprise Application Platform (JEAP) versions prior to 6.2.4

Description The issue is related to an XML External Entity (XXE) problem, where the org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor enables entity expansion. This allows remote attackers to read arbitrary files via unspecified vectors.

Recommendations For versions prior to 6.2.4, update to version 6.2.4 or later to resolve the issue. As a temporary workaround, consider disabling the org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor to minimize the risk of exploitation.