Description
JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack.
It was found that in some configurations the JacksonJsonpInterceptor is activated by default in RESTEasy. An attacker could use this flaw to launch a cross-site script inclusion (XSSI) attack.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat BPM Suite 6 | Build and Assembly | Will not fix | ||
| Red Hat Enterprise Linux 7 | resteasy-base | Fix deferred | ||
| Red Hat Enterprise Virtualization 3 | vdsm-jsonrpc-java | Under investigation | ||
| Red Hat JBoss BRMS 5 | Security | Will not fix | ||
| Red Hat JBoss BRMS 6 | Build and Assembly | Will not fix | ||
| Red Hat JBoss Data Grid 6 | Build | Not affected | ||
| Red Hat JBoss Data Grid 7 | resteasy | Affected | ||
| Red Hat JBoss Data Virtualization 6 | Productization | Will not fix | ||
| Red Hat JBoss Enterprise Application Platform 5 | jbossas | Will not fix | ||
| Red Hat JBoss Enterprise Application Platform 6 | RESTEasy | Will not fix | ||
Additional information
Status:
EPSS:
CVSS3: 3.1 Low
CVSS2: 2.6 Low
Related vulnerabilities
JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack.
JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack.
JacksonJsonpInterceptor in RESTEasy might allow remote attackers to co ...
JacksonJsonpInterceptor susceptible to cross-site script inclusion (XSSI) attack