CVE-2016-6347
https://notcve.org/view.php?id=CVE-2016-6347
Cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The advisory does not say which part of the exception response is reflected unescaped, so the practical check is whether the application lets the RESTEasy default handler render exceptions to the client at all rather than a custom ExceptionMapper. • http://www.securityfocus.com/bid/92759 https://bugzilla.redhat.com/show_bug.cgi?id=1372124 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-6348
https://notcve.org/view.php?id=CVE-2016-6348
JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack. JSONP wraps a JSON response in a caller-named callback function so that it can be loaded from any origin with a <script> tag; when that wrapping is applied to responses carrying authenticated data, a third-party page can include the resource and read its contents through the callback, which is the XSSI exposure this entry describes. • https://bugzilla.redhat.com/show_bug.cgi?id=1372129 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-6345
https://notcve.org/view.php?id=CVE-2016-6345
RESTEasy allows remote authenticated users to obtain sensitive information by leveraging "insufficient use of random values" in async jobs. The advisory does not state which identifier is affected; the practitioner's check is whether asynchronous job handles in the deployed version are generated from a cryptographically secure source rather than a predictable one. • http://www.securityfocus.com/bid/92746 https://bugzilla.redhat.com/show_bug.cgi?id=1372117 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-6346 – RESTEasy: Abuse of GZIPInterceptor in RESTEasy can lead to denial of service attack
https://notcve.org/view.php?id=CVE-2016-6346
RESTEasy enables GZIPInterceptor even where it is not required, which allows remote attackers to cause a denial of service via unspecified vectors. Red Hat's description: it was found that GZIPInterceptor is enabled when not necessarily required in RESTEasy, and an attacker could use this flaw to launch a denial of service attack. • http://rhn.redhat.com/errata/RHSA-2017-0517.html http://rhn.redhat.com/errata/RHSA-2017-0826.html http://rhn.redhat.com/errata/RHSA-2017-0827.html http://rhn.redhat.com/errata/RHSA-2017-0828.html http://rhn.redhat.com/errata/RHSA-2017-0829.html http://www.securityfocus.com/bid/92744 https://access.redhat.com/errata/RHSA-2017:1675 https://access.redhat.com/errata/RHSA-2017:1676 https://access.redhat.com/errata/RHSA-2018:0002 https://access.redhat.com/errata/
CVE-2014-7839 – RESTeasy: External entities expanded by DocumentProvider
https://notcve.org/view.php?id=CVE-2014-7839
DocumentProvider in RESTEasy 2.3.7 and 3.0.9 does not configure the (1) external-general-entities or (2) external-parameter-entities features, which allows remote attackers to conduct XML external entity (XXE) attacks via unspecified vectors. Red Hat's description: it was found that the RESTEasy DocumentProvider did not set the external-parameter-entities and external-general-entities features appropriately, thus allowing external entity expansion. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XML eXternal Entity (XXE) attacks. Note that the affected code path is the org.w3c.dom.Document provider, so any resource method that accepts a Document body is exposed. • http://rhn.redhat.com/errata/RHSA-2015-0675.html http://rhn.redhat.com/errata/RHSA-2015-0773.html http://rhn.redhat.com/errata/RHSA-2015-0850.html http://rhn.redhat.com/errata/RHSA-2015-0851.html http://secunia.com/advisories/62580 https://issues.jboss.org/browse/RESTEASY-1130 https://access.redhat.com/security/cve/CVE-2014-7839 https://bugzilla.redhat.com/show_bug.cgi?id=1165328 • CWE-20: Improper Input Validation CWE-611: Improper Restriction of XML External Entity Reference
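The following is an added example, not RESTEasy's DocumentProvider or any code from the advisory. It shows the two JAXP feature URIs the entry names (external-general-entities and external-parameter-entities) left unset beside a factory that sets them, and feeds both a constructed XML request body whose DOCTYPE declares a SYSTEM entity. The element names, the file path file:///etc/hostname, and the assumption that the JDK's bundled Xerces parser resolves external entities when nothing is configured are all illustrative choices for this example.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.SAXException;

public class XxeDemo {

    // Constructed request body (not from the advisory): a DOCTYPE that declares
    // an external general entity pointing at a local file, then references it.
    static final String XXE_PAYLOAD =
        "<?xml version=\"1.0\"?>\n"
      + "<!DOCTYPE order [\n"
      + "  <!ENTITY xxe SYSTEM \"file:///etc/hostname\">\n"
      + "]>\n"
      + "<order><note>&xxe;</note></order>";

    // Same shape as the flaw the entry describes: neither feature is configured,
    // so the parser's own defaults decide whether SYSTEM entities are fetched.
    // With the JDK's bundled Xerces those defaults resolve them (assumption).
    static DocumentBuilderFactory unconfiguredFactory() {
        return DocumentBuilderFactory.newInstance();
    }

    // Hardened factory: the two features named in the entry set to false, plus
    // a DOCTYPE ban and the JAXP 1.5 external-access properties as defence in depth.
    static DocumentBuilderFactory hardenedFactory() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f;
    }

    // Parses the body and returns the text of <note>, the way a resource method
    // that accepts an org.w3c.dom.Document would read a field out of it.
    static String parseNote(DocumentBuilderFactory f, String xml)
            throws ParserConfigurationException, SAXException, IOException {
        DocumentBuilder b = f.newDocumentBuilder();
        Document d = b.parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        return d.getElementsByTagName("note").item(0).getTextContent();
    }

    public static void main(String[] args) throws Exception {
        try {
            // On a Linux host with default parser settings the note text is the
            // content of /etc/hostname: the file was read by the server process.
            System.out.println("unconfigured: note=" + parseNote(unconfiguredFactory(), XXE_PAYLOAD));
        } catch (Exception e) {
            // A missing file or a parser that already blocks entities lands here.
            System.out.println("unconfigured: " + e);
        }
        try {
            parseNote(hardenedFactory(), XXE_PAYLOAD);
            System.out.println("hardened: parsed without expansion");
        } catch (SAXException e) {
            // disallow-doctype-decl rejects the DOCTYPE before any entity is resolved.
            System.out.println("hardened: rejected -> " + e.getMessage());
        }
    }
}
```

The two features named in the entry are the minimum; disallow-doctype-decl is the stronger setting when the application never needs a DTD, because it stops the parser before internal entity expansion (billion-laughs style) as well as external fetches. Applications that upgrade RESTEasy past the fix tracked in RESTEASY-1130 still need this configuration anywhere they build their own DocumentBuilderFactory.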