CVE-2013-6447

Multiple XML External Entity (XXE) vulnerabilities in the (1) ExecutionHandler, (2) PollHandler, and (3) SubscriptionHandler classes in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allow remote attackers to read arbitrary files and possibly have other impacts via a crafted XML file.

🔗 References (10)

• secalert@redhathttp://rhn.redhat.com/errata/RHSA-2014-0045.html
• secalert@redhathttp://secunia.com/advisories/56572
• secalert@redhathttp://www.securitytracker.com/id/1029652
• secalert@redhathttps://bugzilla.redhat.com/show_bug.cgi?id=1044784
• secalert@redhathttps://github.com/seam2/jboss-seam/commit/090aa6252affc978a96c388e3fc2c1c2688d9bb5
• af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2014-0045.html
• af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/56572
• af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1029652
• af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=1044784
• af854a3a-2127-422b-91ae-364da2661108https://github.com/seam2/jboss-seam/commit/090aa6252affc978a96c388e3fc2c1c2688d9bb5