Vulnerabilities > CVE-2014-8125 - XML External Entity Information Disclosure vulnerability in jBPM and Drools
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
XML external entity (XXE) vulnerability in Drools and jBPM before 6.2.0 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted BPMN2 file. <a href="http://cwe.mitre.org/data/definitions/611.html">CWE-611: Improper Restriction of XML External Entity Reference ('XXE')</a>
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Redhat
advisories |
|
References
- http://rhn.redhat.com/errata/RHSA-2015-0850.html
- http://rhn.redhat.com/errata/RHSA-2015-0851.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1169553
- https://github.com/droolsjbpm/drools/commit/c48464c3b246e6ef0d4cd0dbf67e83ccd532c6d3
- https://github.com/droolsjbpm/jbpm/commit/713e8073ecf45623cfc5c918c5cbf700203f46e5