Description
RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity (XXE) injection attack.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat JBoss BRMS 5 | Security | Affected | | |
| Red Hat JBoss Data Virtualization 6 | Teiid | Affected | | |
| Red Hat JBoss SOA Platform 5 | Security | Affected | | |
| JBEWP 5 for RHEL 5 | resteasy | Fixed | RHSA-2012:1058 | 05.07.2012 |
| JBEWP 5 for RHEL 6 | resteasy | Fixed | RHSA-2012:1058 | 05.07.2012 |
| JBoss Enterprise BRMS Platform 5.2 | | Fixed | RHSA-2012:0441 | 02.04.2012 |
| Red Hat JBoss BPMS 6.0 | security | Fixed | RHSA-2014:0371 | 03.04.2014 |
| Red Hat JBoss BRMS 6.0 | security | Fixed | RHSA-2014:0372 | 03.04.2014 |
| Red Hat JBoss Enterprise Application Platform 5.1 | | Fixed | RHSA-2012:1056 | 05.07.2012 |
| Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 | resteasy | Fixed | RHSA-2012:1059 | 05.07.2012 |
Additional information
Status: Moderate
Defect: CWE-611
https://bugzilla.redhat.com/show_bug.cgi?id=785631 RESTEasy: XML eXternal Entity (XXE) flaw
EPSS: 0.01376 (Low), percentile: 80%
CVSS2: 5 Medium
Related vulnerabilities
nvd
about 13 years ago
RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity (XXE) injection attack.
github
more than 3 years ago
Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy