Entries by govanguard

Comment on Choosing a Privacy and Security Framework Doesn’t Have to Be An “Either-or” Proposition: The HITRUST CSF for HIPAA and NIST CsF by Cathlynn Nigh

Dr. Cline, thank you for this information. In my relationship with my clients, it is the value of HITRUST by marrying the requirements within NIST, HIPAA and others that is a major selling point… for both the clients' Executive Leadership to complete the “HITRUST Journey” and with their customers (and potential customers). You cannot present a […]

CVE-2014-3558 (hibernate_validator)

ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application.

CVE-2014-3490 (jboss_enterprise_application_platform, resteasy)

RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform (EAP) 6.3.0, does not disable external entities when the resteasy.document.expand.entity.references parameter is set to false, which allows remote attackers to read arbitrary files and have other unspecified impact via unspecified vectors, related to an XML External Entity (XXE) […]