Page 2 of 8 results (0.009 seconds)

CVSS: 8.1EPSS: 1%CPEs: 1EXPL: 0

CVE-2016-9606 – Resteasy: Yaml unmarshalling vulnerable to RCE

https://notcve.org/view.php?id=CVE-2016-9606

JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions. JBoss RESTEasy, en versiones anteriores a la 3.1.2, podría ser forzado a analizar una petición con YamlProvider, lo que resulta en la deserialización de datos potencialmente no fiables. Esto podría permitir que un atacante ejecute código arbitrario con permisos de aplicación RESTEasy. It was discovered that under certain conditions RESTEasy could be forced to parse a request with YamlProvider, resulting in unmarshalling of potentially untrusted data. An attacker could possibly use this flaw execute arbitrary code with the permissions of the application using RESTEasy. • http://rhn.redhat.com/errata/RHSA-2017-1255.html http://rhn.redhat.com/errata/RHSA-2017-1409.html http://www.securityfocus.com/bid/94940 http://www.securitytracker.com/id/1038524 https://access.redhat.com/errata/RHSA-2017:1253 https://access.redhat.com/errata/RHSA-2017:1254 https://access.redhat.com/errata/RHSA-2017:1256 https://access.redhat.com/errata/RHSA-2017:1260 https://access.redhat.com/errata/RHSA-2017:1410 https://access.redhat.com/errata/RHSA-2017:1411 h • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 0%CPEs: 14EXPL: 0

CVE-2011-5245 – RESTEasy: XML eXternal Entity (XXE) flaw

https://notcve.org/view.php?id=CVE-2011-5245

The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding (JAXB) input, aka an XML external entity (XXE) injection attack, a similar vulnerability to CVE-2012-0818. La función ReadFrom en providers.jaxb.JAXBXmlTypeProvider en RESTEasy anterior a v2.3.2 permite a atacantes remotos leer archivos de su elección a través de una referencia de entidad externa en una entrada Java Architecture for XML Binding (JAXB), también conocido como ataque de inyección XML de entidad externa (XXE), una vulnerabilidad CVE-similar a 2.012-0.818. • http://rhn.redhat.com/errata/RHSA-2012-0441.html http://rhn.redhat.com/errata/RHSA-2012-0519.html http://rhn.redhat.com/errata/RHSA-2012-1056.html http://rhn.redhat.com/errata/RHSA-2012-1057.html http://rhn.redhat.com/errata/RHSA-2012-1058.html http://rhn.redhat.com/errata/RHSA-2012-1059.html http://rhn.redhat.com/errata/RHSA-2012-1125.html http://rhn.redhat.com/errata/RHSA-2014-0371.html http://rhn.redhat.com/errata/RHSA-2014-0372.html http://secuni • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 5.0EPSS: 0%CPEs: 13EXPL: 0

CVE-2012-0818 – RESTEasy: XML eXternal Entity (XXE) flaw

https://notcve.org/view.php?id=CVE-2012-0818

RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity (XXE) injection attack. RESTEasy anterior a v2.3.1 permite a atacantes remotos leer archivos de su elección a través de una referencia de entidad externa en un documento DOM, también conocido como un ataque de inyección XML de entidad externa (XXE) • http://rhn.redhat.com/errata/RHSA-2012-0441.html http://rhn.redhat.com/errata/RHSA-2012-0519.html http://rhn.redhat.com/errata/RHSA-2012-1056.html http://rhn.redhat.com/errata/RHSA-2012-1057.html http://rhn.redhat.com/errata/RHSA-2012-1058.html http://rhn.redhat.com/errata/RHSA-2012-1059.html http://rhn.redhat.com/errata/RHSA-2012-1125.html http://rhn.redhat.com/errata/RHSA-2014-0371.html http://rhn.redhat.com/errata/RHSA-2014-0372.html http://secuni • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-611: Improper Restriction of XML External Entity Reference •