Description
RESTEasy enables GZIPInterceptor, which allows remote attackers to cause a denial of service via unspecified vectors.
It was found that GZIPInterceptor is enabled when not necessarily required in RESTEasy. An attacker could use this flaw to launch a Denial of Service attack.
Report
This issue was fixed in EAP 7.1.0, but was not fixed in 7.0.7. On Red Hat Satellite 6.5, this issue is fixed through the candlepin package update (candlepin 2.5.8), which contains a non-vulnerable version of RESTEasy.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | resteasy-base | Will not fix | ||
| Red Hat Enterprise Virtualization 3 | vdsm-jsonrpc-java | Under investigation | ||
| Red Hat JBoss BRMS 5 | Security | Will not fix | ||
| Red Hat JBoss Data Grid 6 | Build | Not affected | ||
| Red Hat JBoss Data Grid 7 | resteasy | Affected | ||
| Red Hat JBoss Data Virtualization 6 | RESTEasy | Not affected | ||
| Red Hat JBoss Enterprise Application Platform 5 | jbossas | Will not fix | ||
| Red Hat JBoss Enterprise Application Platform 7 | resteasy | Affected | ||
| Red Hat JBoss Fuse 6 | SwitchYard | Affected | ||
| Red Hat JBoss Fuse Service Works 6 | RESTEasy | Will not fix | ||
Additional information
Status:
EPSS
CVSS3: 7.5 High
CVSS2: 5 Medium