RHSA-2015:0765HighCVSS 4.8

Red Hat Security Advisory: Red Hat JBoss Data Virtualization 6.0.0 security update

Published
March 31, 2015
Last Modified
June 27, 2026

🔗 CVE IDs covered (13)

📋 Description

CVE-2012-6153 — CXF: SSL hostname verification bypass, incomplete CVE-2012-5783 fix CVE-2013-4002 — OpenJDK: XML parsing Denial of Service (JAXP, 8017298) CVE-2013-5855 — JSF: XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions CVE-2014-0075 — Tomcat/JBossWeb: Limited DoS in chunked transfer encoding input filter CVE-2014-0096 — Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs CVE-2014-0099 — Tomcat/JBossWeb: Request smuggling via malicious content length header CVE-2014-0119 — Tomcat/JBossWeb: XML parser hijack by malicious web application CVE-2014-0193 — netty: DoS via memory exhaustion during data aggregation CVE-2014-0227 — Tomcat/JBossWeb: request smuggling and limited DoS in ChunkedInputFilter CVE-2014-3481 — JAX-RS: Information disclosure via XML eXternal Entity (XXE) CVE-2014-3490 — RESTEasy: XXE via parameter entities CVE-2014-3530 — PicketLink: XXE via insecure DocumentBuilderFactory usage CVE-2014-3577 — CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix

🔗 References (17)