exploitDog

CVE-2016-6347

Published: 1 Sep 2016
Source: redhat
CVSS3: 5.4
CVSS2: 4.3

Description

Cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

It was found that the default exception handler in RESTEasy did not properly validate user input. An attacker could use this flaw to launch a reflected XSS attack.

Report

This issue affects the versions of RESTEasy as shipped with Red Hat Satellite 6. Red Hat Product Security has rated this issue as having a security impact of Moderate. Additionally, Red Hat Satellite does not use the default ExceptionMapper, and the custom exception handler does not allow a return type of text/html. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Affected packages

Platform                                            Package              Status                Recommendation   Release
Red Hat BPM Suite 6                                 Build and Assembly   Not affected
Red Hat Enterprise Linux 7                          resteasy-base        Will not fix
Red Hat Enterprise Virtualization 3                 vdsm-jsonrpc-java    Under investigation
Red Hat JBoss BRMS 5                                Security             Will not fix
Red Hat JBoss BRMS 6                                Build and Assembly   Not affected
Red Hat JBoss Data Grid 6                           Build                Not affected
Red Hat JBoss Data Grid 7                           resteasy             Affected
Red Hat JBoss Data Virtualization 6                 Productization       Not affected
Red Hat JBoss Enterprise Application Platform 5     jbossas              Will not fix
Red Hat JBoss Enterprise Application Platform 6     RESTEasy             Not affected

Additional information

Status: Moderate
Weakness: CWE-20
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1372124
RESTEasy: Use of the default exception handler in RESTEasy can lead to reflected XSS attack

CVSS3: 5.4 Medium
CVSS2: 4.3 Medium

Related vulnerabilities

CVSS3: 6.1
ubuntu
almost 9 years ago

Cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS3: 6.1
nvd
almost 9 years ago

Cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS3: 6.1
debian
almost 9 years ago

Cross-site scripting (XSS) vulnerability in the default exception hand ...

CVSS3: 6.1
github
more than 3 years ago

Improper Neutralization of Input During Web Page Generation in RESTEasy