CVE-2012-0818
RESTEasy: XML eXternal Entity (XXE) flaw
- Public Exploits: 0
- Exploited in Wild: -
Descriptions
RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity (XXE) injection attack.
Red Hat Enterprise Virtualization Manager is a visual tool for centrally managing collections of virtual machines running Red Hat Enterprise Linux and Microsoft Windows. These packages also include the Red Hat Enterprise Virtualization Manager REST API, a set of scriptable commands that give administrators the ability to perform queries and operations on Red Hat Enterprise Virtualization Manager. It was found that RESTEasy was vulnerable to XML External Entity attacks. If a remote attacker who is able to access the Red Hat Enterprise Virtualization Manager REST API submitted a request containing an external XML entity to a RESTEasy endpoint, the entity would be resolved, allowing the attacker to read files accessible to the user running the application server. This flaw affected DOM Document and JAXB input.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2012-01-19 CVE Reserved
- 2012-03-26 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- Exploited in Wild: no date recorded
- KEV Due Date: no date recorded
- First Exploit: no date recorded
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CWE-611: Improper Restriction of XML External Entity Reference
CAPEC
References (23)
URL | Tag
---|---
http://secunia.com/advisories/48697 | Third Party Advisory
http://secunia.com/advisories/48954 | Third Party Advisory
http://secunia.com/advisories/57716 | Third Party Advisory
http://secunia.com/advisories/57719 | Third Party Advisory
http://www.osvdb.org/78679 | Vdb Entry
http://www.securityfocus.com/bid/51748 | Vdb Entry
http://www.securityfocus.com/bid/51766 | Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/72808 | Vdb Entry

URL | Date
---|---
https://issues.jboss.org/browse/RESTEASY-637 | 2023-02-13

URL | Date
---|---
http://rhn.redhat.com/errata/RHSA-2012-0441.html | 2023-02-13
http://rhn.redhat.com/errata/RHSA-2012-0519.html | 2023-02-13
http://rhn.redhat.com/errata/RHSA-2012-1056.html | 2023-02-13
http://rhn.redhat.com/errata/RHSA-2012-1057.html | 2023-02-13
http://rhn.redhat.com/errata/RHSA-2012-1058.html | 2023-02-13
http://rhn.redhat.com/errata/RHSA-2012-1059.html | 2023-02-13
http://rhn.redhat.com/errata/RHSA-2012-1125.html | 2023-02-13
http://rhn.redhat.com/errata/RHSA-2014-0371.html | 2023-02-13
http://rhn.redhat.com/errata/RHSA-2014-0372.html | 2023-02-13
http://secunia.com/advisories/47818 | 2023-02-13
http://secunia.com/advisories/47832 | 2023-02-13
http://secunia.com/advisories/50084 | 2023-02-13
https://bugzilla.redhat.com/show_bug.cgi?id=785631 | 2014-04-03
https://access.redhat.com/security/cve/CVE-2012-0818 | 2014-04-03
Affected Vendors, Products, and Versions
Vendor | Product | Version | Status
---|---|---|---
Redhat | Resteasy | <= 2.3.0 | Affected
Redhat | Resteasy | 1.0.0 | Affected
Redhat | Resteasy | 1.0.1 | Affected
Redhat | Resteasy | 1.0.2 | Affected
Redhat | Resteasy | 1.1 | Affected
Redhat | Resteasy | 1.2 | Affected
Redhat | Resteasy | 2.0.0 | Affected
Redhat | Resteasy | 2.0.1 | Affected
Redhat | Resteasy | 2.1.0 | Affected
Redhat | Resteasy | 2.2.0 | Affected
Redhat | Resteasy | 2.2.1 | Affected
Redhat | Resteasy | 2.2.2 | Affected
Redhat | Resteasy | 2.2.3 | Affected