Description
The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding (JAXB) input, aka an XML external entity (XXE) injection attack, a similar vulnerability to CVE-2012-0818.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat JBoss BRMS 5 | Security | Affected | | |
| Red Hat JBoss Data Virtualization 6 | Teiid | Affected | | |
| Red Hat JBoss SOA Platform 5 | Security | Affected | | |
| Red Hat Storage 2.1 | resteasy | Affected | | |
| JBEWP 5 for RHEL 5 | resteasy | Fixed | RHSA-2012:1058 | 05.07.2012 |
| JBEWP 5 for RHEL 6 | resteasy | Fixed | RHSA-2012:1058 | 05.07.2012 |
| JBoss Enterprise BRMS Platform 5.2 | | Fixed | RHSA-2012:0441 | 02.04.2012 |
| Red Hat JBoss BPMS 6.0 | security | Fixed | RHSA-2014:0371 | 03.04.2014 |
| Red Hat JBoss BRMS 6.0 | security | Fixed | RHSA-2014:0372 | 03.04.2014 |
| Red Hat JBoss Enterprise Application Platform 5.1 | | Fixed | RHSA-2012:1056 | 05.07.2012 |
Additional information
Status:
Moderate
Defect:
CWE-611
https://bugzilla.redhat.com/show_bug.cgi?id=785631 RESTEasy: XML eXternal Entity (XXE) flaw
5 Medium
CVSS2
Related vulnerabilities
nvd
about 13 years ago
The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding (JAXB) input, aka an XML external entity (XXE) injection attack, a similar vulnerability to CVE-2012-0818.
github
more than 3 years ago
Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy
5 Medium
CVSS2