CVE-2016-9606

Published: 09 Mar 2018
Source: debian
EPSS: Low

Description

JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions.

Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| resteasy | fixed | 3.1.4-1 | | package |
| resteasy | no-dsa | | jessie | package |
| resteasy3.0 | fixed | 3.0.26-1 | | package |

Notes

  • See CVE-2018-1051 to address original incomplete fix for CVE-2016-9606

EPSS

Percentile: 82%
0.01752
Low

Related vulnerabilities

CVSS3: 8.1
ubuntu
almost 8 years ago

JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions.

CVSS3: 8.1
redhat
about 9 years ago

JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions.

CVSS3: 8.1
nvd
almost 8 years ago

JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions.

CVSS3: 8.1
github
more than 3 years ago

JBoss RESTEasy vulnerable to Improper Input Validation

CVSS3: 8.1
fstec
about 9 years ago

Vulnerability in the YamlProvider component of the RESTEasy software that allows an attacker to execute arbitrary code
