Versio.io

CVE-2014-0119

Common vulnerabilities & exposures (CVE)

 
Published at: 27-05-2014 02:00
Last modified: 27-05-2014 02:00
Total changes: 21

Description

CVE-2014-0119 Tomcat/JBossWeb: XML parser hijack by malicious web application

Common Vulnerability Scoring System (CVSS)

Vector: AV:N/AC:H/Au:S/C:P/I:N/A:N
Attack complexity: High
Attack vector: Network
Availability: None
Confidentiality: Low
Integrity: None
Privileges required: -
Scope: -
User interaction: -
Base score: 2.1
Exploitability score:
Impact score:
 

Verification logic

OR
AND
product=Tomcat AND versionEndExcluding=6.0.24-78.el6_5
vendor=Red Hat Enterprise Linux AND product=enterprise_linux AND version=6
AND
product=Tomcat AND versionEndExcluding=7.0.42-8.el7_0
vendor=Red Hat Enterprise Linux AND product=enterprise_linux AND version=7
AND
product=jbossweb
vendor=Red Hat Enterprise Linux AND product=jboss_bpms AND version=6.0
AND
product=jbossweb
vendor=Red Hat Enterprise Linux AND product=jboss_brms AND version=6.0
AND
product=jbossweb
vendor=Red Hat Enterprise Linux AND product=jboss_data_grid AND version=6.3.0
AND
product=jbossweb
vendor=Red Hat Enterprise Linux AND product=jboss_data_virtualization AND version=6.0
AND
vendor=Red Hat Enterprise Linux AND product=jboss_data_virtualization AND version=6.1
AND
product=jbossweb
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=6.2.4
AND
product=jbossweb-0 AND versionEndExcluding=7.3.2-4.Final_redhat_3.1.ep6.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=6
AND
product=jbossweb-0 AND versionEndExcluding=7.3.2-4.Final_redhat_3.1.ep6.el6
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=6
AND
product=antlr-eap6-0 AND versionEndExcluding=2.7.7-17.redhat_4.1.ep6.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=apache-commons-collections-eap6-0 AND versionEndExcluding=3.2.1-15.redhat_3.1.ep6.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=apache-commons-daemon-eap6-1 AND versionEndExcluding=1.0.15-5.redhat_1.ep6.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=apache-commons-daemon-jsvc-eap6-1 AND versionEndExcluding=1.0.15-6.redhat_2.ep6.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=apache-commons-pool-eap6-0 AND versionEndExcluding=1.6-7.redhat_6.1.ep6.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=dom4j-eap6-0 AND versionEndExcluding=1.6.1-20.redhat_6.1.ep6.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=ecj3-1 AND versionEndExcluding=3.7.2-9.redhat_3.1.ep6.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=hibernate4-eap6-0 AND versionEndExcluding=4.2.14-3.SP1_redhat_1.1.ep6.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=httpd-0 AND versionEndExcluding=2.2.26-35.ep6.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=javassist-eap6-0 AND versionEndExcluding=3.18.1-1.GA_redhat_1.1.ep6.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=jboss-logging-0 AND versionEndExcluding=3.1.4-1.GA_redhat_1.1.ep6.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=jboss-transaction-api_1.1_spec-0 AND versionEndExcluding=1.0.1-12.Final_redhat_2.2.ep6.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=mod_cluster-0 AND versionEndExcluding=1.2.9-1.Final_redhat_1.1.ep6.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=mod_cluster-native-0 AND versionEndExcluding=1.2.9-3.Final_redhat_2.ep6.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=mod_jk-0 AND versionEndExcluding=1.2.40-2.redhat_1.ep6.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=mod_rt-0 AND versionEndExcluding=2.4.1-6.GA.ep6.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=mod_snmp-0 AND versionEndExcluding=2.4.1-13.GA.ep6.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=storeconfig-tc6-0 AND versionEndExcluding=0.0.1-7.Alpha3_redhat_12.3.ep6.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=storeconfig-tc7-0 AND versionEndExcluding=0.0.1-7.Alpha3_redhat_12.5.ep6.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=Tomcat AND versionEndExcluding=6.0.41-6_patch_02.ep6.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=Tomcat AND versionEndExcluding=7.0.54-6_patch_02.ep6.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=Tomcat AND versionEndExcluding=1.1.30-2.redhat_1.ep6.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=antlr-eap6-0 AND versionEndExcluding=2.7.7-17.redhat_4.1.ep6.el6
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=apache-commons-collections-eap6-0 AND versionEndExcluding=3.2.1-15.redhat_3.1.ep6.el6
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=apache-commons-daemon-eap6-1 AND versionEndExcluding=1.0.15-5.redhat_1.ep6.el6
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=apache-commons-daemon-jsvc-eap6-1 AND versionEndExcluding=1.0.15-6.redhat_2.ep6.el6
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=apache-commons-logging-eap6-0 AND versionEndExcluding=1.1.1-7.9_redhat_1.ep6.el6
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=apache-commons-pool-eap6-0 AND versionEndExcluding=1.6-7.redhat_6.1.ep6.el6
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=dom4j-eap6-0 AND versionEndExcluding=1.6.1-20.redhat_6.1.ep6.el6
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=ecj3-1 AND versionEndExcluding=3.7.2-9.redhat_3.1.ep6.el6
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=hibernate4-eap6-0 AND versionEndExcluding=4.2.14-3.SP1_redhat_1.1.ep6.el6
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=httpd-0 AND versionEndExcluding=2.2.26-35.ep6.el6
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=javassist-eap6-0 AND versionEndExcluding=3.18.1-1.GA_redhat_1.1.ep6.el6
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=jboss-logging-0 AND versionEndExcluding=3.1.4-1.GA_redhat_1.1.ep6.el6
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=jboss-transaction-api_1.1_spec-0 AND versionEndExcluding=1.0.1-12.Final_redhat_2.2.ep6.el6
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=mod_cluster-0 AND versionEndExcluding=1.2.9-1.Final_redhat_1.1.ep6.el6
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=mod_cluster-native-0 AND versionEndExcluding=1.2.9-3.Final_redhat_2.ep6.el6
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=mod_jk-0 AND versionEndExcluding=1.2.40-2.redhat_1.ep6.el6
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=mod_rt-0 AND versionEndExcluding=2.4.1-6.GA.ep6.el6
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=mod_snmp-0 AND versionEndExcluding=2.4.1-13.GA.ep6.el6
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=storeconfig-tc6-0 AND versionEndExcluding=0.0.1-7.Alpha3_redhat_12.3.ep6.el6
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=storeconfig-tc7-0 AND versionEndExcluding=0.0.1-7.Alpha3_redhat_12.5.ep6.el6
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=Tomcat AND versionEndExcluding=6.0.41-5_patch_02.ep6.el6
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=Tomcat AND versionEndExcluding=7.0.54-6_patch_02.ep6.el6
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=Tomcat AND versionEndExcluding=1.1.30-2.redhat_1.ep6.el6
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2
AND
product=jbossweb
vendor=Red Hat Enterprise Linux AND product=jboss_fuse_service_works AND version=6.0
AND
product=jbossweb
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_portal_platform AND version=6.2
AND
product=Tomcat
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2.1
AND
product=Tomcat
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=2.1
AND
product=Tomcat AND version=
vendor=Red Hat Enterprise Linux AND product=enterprise_linux AND version=5
AND
product=jbossweb AND version=
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=5
AND
product=others AND version=
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=1
AND
product=Tomcat AND version=
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=1
AND
product=Tomcat AND version=
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=1
AND
product=jbossweb AND version=
vendor=Red Hat Enterprise Linux AND product=jboss_operations_network AND version=3
 

Keywords

REDHAT, CVE-2014-0119, CVE, Common vulnerabilities & exposures, CVSS, Common vulnerability scoring system, Security, Vulnerabilities, Exposures
