CVE-2016-9606
Resteasy: Yaml unmarshalling vulnerable to RCE
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions.
JBoss RESTEasy, en versiones anteriores a la 3.1.2, podría ser forzado a analizar una petición con YamlProvider, lo que resulta en la deserialización de datos potencialmente no fiables. Esto podría permitir que un atacante ejecute código arbitrario con permisos de aplicación RESTEasy.
It was discovered that under certain conditions RESTEasy could be forced to parse a request with YamlProvider, resulting in unmarshalling of potentially untrusted data. An attacker could possibly use this flaw execute arbitrary code with the permissions of the application using RESTEasy.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-11-23 CVE Reserved
- 2017-05-19 CVE Published
- 2024-09-16 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (17)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/94940 | Third Party Advisory | |
| http://www.securitytracker.com/id/1038524 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2017-1255.html | 2018-10-12 | |
| http://rhn.redhat.com/errata/RHSA-2017-1409.html | 2018-10-12 | |
| https://access.redhat.com/errata/RHSA-2017:1253 | 2018-10-12 | |
| https://access.redhat.com/errata/RHSA-2017:1254 | 2018-10-12 | |
| https://access.redhat.com/errata/RHSA-2017:1256 | 2018-10-12 | |
| https://access.redhat.com/errata/RHSA-2017:1260 | 2018-10-12 | |
| https://access.redhat.com/errata/RHSA-2017:1410 | 2018-10-12 | |
| https://access.redhat.com/errata/RHSA-2017:1411 | 2018-10-12 | |
| https://access.redhat.com/errata/RHSA-2017:1412 | 2018-10-12 | |
| https://access.redhat.com/errata/RHSA-2017:1675 | 2018-10-12 | |
| https://access.redhat.com/errata/RHSA-2017:1676 | 2018-10-12 | |
| https://access.redhat.com/errata/RHSA-2018:2909 | 2018-10-12 | |
| https://access.redhat.com/errata/RHSA-2018:2913 | 2018-10-12 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1400644 | 2018-10-11 | |
| https://access.redhat.com/security/cve/CVE-2016-9606 | 2018-10-11 |