Description
JBoss RESTEasy vulnerable to Improper Input Validation
JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions.
References
- https://nvd.nist.gov/vuln/detail/CVE-2016-9606
- https://access.redhat.com/errata/RHSA-2017:1253
- https://access.redhat.com/errata/RHSA-2017:1254
- https://access.redhat.com/errata/RHSA-2017:1256
- https://access.redhat.com/errata/RHSA-2017:1260
- https://access.redhat.com/errata/RHSA-2017:1410
- https://access.redhat.com/errata/RHSA-2017:1411
- https://access.redhat.com/errata/RHSA-2017:1412
- https://access.redhat.com/errata/RHSA-2017:1675
- https://access.redhat.com/errata/RHSA-2017:1676
- https://access.redhat.com/errata/RHSA-2018:2909
- https://access.redhat.com/errata/RHSA-2018:2913
- https://bugzilla.redhat.com/show_bug.cgi?id=1400644
- http://rhn.redhat.com/errata/RHSA-2017-1255.html
- http://rhn.redhat.com/errata/RHSA-2017-1409.html
- http://www.securityfocus.com/bid/94940
- http://www.securitytracker.com/id/1038524
Packages
org.jboss.resteasy:resteasy-bom
Affected versions: < 3.1.2.Final
Fixed version: 3.1.2.Final
Related vulnerabilities
JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions.
JBoss RESTEasy before version 3.1.2 could be forced into parsing a req ...
Vulnerability in the YamlProvider component of the RESTEasy software that allows an attacker to execute arbitrary code