CVE-2014-3490
high
| Metric | Score |
|---|---|
| CVSS v3 | — |
| CVSS v2 | 7.5 |
| VIR risk | 7.5 |
Description
Incorrect Privilege Assignment in RESTEasy
Predictions
| Prediction | Value |
|---|---|
| Exploit likelihood | 20% |
| Patch ETA | — |
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: secalert@redhat.com — https://github.com/ronsigal/Resteasy/commit/9b7d0f574cafdcf3bea5428f3145ab4908fc6d83
Vendor advisory: secalert@redhat.com — http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | org.jboss.resteasy:resteasy-client | >=2.3.1,<2.3.8.SP2 | 2.3.8.SP2 |
| Maven | org.jboss.resteasy:resteasy-client | >=3.0.0,<3.0.9.Final | 3.0.9.Final |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| redhat | jboss_enterprise_application_platform | 6.3.0 | |
| redhat | resteasy | >=2.3.1,<=2.3.7.2 | |
| redhat | resteasy | 3.0 | |
References
- http://rhn.redhat.com/errata/RHSA-2014-1011.html
- http://rhn.redhat.com/errata/RHSA-2014-1039.html
- http://rhn.redhat.com/errata/RHSA-2014-1040.html
- http://rhn.redhat.com/errata/RHSA-2014-1298.html
- http://rhn.redhat.com/errata/RHSA-2015-0125.html
- http://rhn.redhat.com/errata/RHSA-2015-0675.html
- http://rhn.redhat.com/errata/RHSA-2015-0720.html
- http://rhn.redhat.com/errata/RHSA-2015-0765.html
- http://secunia.com/advisories/60019
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.securityfocus.com/bid/69058
- https://github.com/resteasy/Resteasy/pull/521
- https://github.com/resteasy/Resteasy/pull/533
- https://github.com/ronsigal/Resteasy/commit/9b7d0f574cafdcf3bea5428f3145ab4908fc6d83
- https://nvd.nist.gov/vuln/detail/CVE-2014-3490