
CVE-2016-6347
https://notcve.org/view.php?id=CVE-2016-6347
20 Apr 2017 — Cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
http://www.securityfocus.com/bid/92759
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2016-6348
https://notcve.org/view.php?id=CVE-2016-6348
12 Apr 2017 — JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack.
https://bugzilla.redhat.com/show_bug.cgi?id=1372129
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2016-6345
https://notcve.org/view.php?id=CVE-2016-6345
07 Sep 2016 — RESTEasy allows remote authenticated users to obtain sensitive information by leveraging "insufficient use of random values" in async jobs.
http://www.securityfocus.com/bid/92746
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2016-6346 – RESTEasy: Abuse of GZIPInterceptor in RESTEasy can lead to denial of service attack
https://notcve.org/view.php?id=CVE-2016-6346
07 Sep 2016 — RESTEasy enables GZIPInterceptor, which allows remote attackers to cause a denial of service via unspecified vectors. It was found that GZIPInterceptor is enabled when not necessarily required in RESTEasy. An attacker could use this flaw to launch a Denial of Service attack. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based o...
http://rhn.redhat.com/errata/RHSA-2017-0517.html

CVE-2014-7839 – RESTeasy: External entities expanded by DocumentProvider
https://notcve.org/view.php?id=CVE-2014-7839
25 Nov 2014 — DocumentProvider in RESTEasy 2.3.7 and 3.0.9 does not configure the (1) external-general-entities or (2) external-parameter-entities features, which allows remote attackers to conduct XML external entity (XXE) attacks via unspecified vectors. It was f...
http://rhn.redhat.com/errata/RHSA-2015-0675.html
CWE-20: Improper Input Validation
CWE-611: Improper Restriction of XML External Entity Reference

CVE-2014-3490 – RESTEasy: XXE via parameter entities
https://notcve.org/view.php?id=CVE-2014-3490
07 Aug 2014 — RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform (EAP) 6.3.0, does not disable external entities when the resteasy.document.expand.entity.references parameter is set to false, which allows remote attackers to read arbitrary files and have other unspecified impact via unspecified vectors, related to an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0818.
http://rhn.redhat.com/errata/RHSA-2014-1011.html
CWE-611: Improper Restriction of XML External Entity Reference

CVE-2011-5245 – RESTEasy: XML eXternal Entity (XXE) flaw
https://notcve.org/view.php?id=CVE-2011-5245
23 Nov 2012 — The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding (JAXB) input, aka an XML external entity (XXE) injection attack, a similar vulnerability to CVE-2012-0818.
http://rhn.redhat.com/errata/RHSA-2012-0441.html
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-611: Improper Restriction of XML External Entity Reference

CVE-2012-0818 – RESTEasy: XML eXternal Entity (XXE) flaw
https://notcve.org/view.php?id=CVE-2012-0818
23 Nov 2012 — RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity (XXE) injection attack. Red Hat JBoss BPM Suite is a business rules management system for the management, storage, creation, modification,...
http://rhn.redhat.com/errata/RHSA-2012-0441.html
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-611: Improper Restriction of XML External Entity Reference