Description
SerializableProvider in RESTEasy in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to execute arbitrary code.
It was discovered that under certain conditions RESTEasy could be forced to parse a request with SerializableProvider, resulting in deserialization of potentially untrusted data. An attacker could possibly use this flaw to execute arbitrary code with the permissions of the application using RESTEasy.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat JBoss Enterprise Application Platform 6 | resteasy | Not affected | | |
Red Hat JBoss Enterprise Application Platform 7 | resteasy-core | Not affected | | |
Red Hat JBoss Fuse 6 | resteasy | Not affected | | |
Red Hat Enterprise Linux 7 | resteasy-base | Fixed | RHSA-2016:2604 | 03.11.2016 |
Additional information
Status:
CVSS3: 9 Critical
CVSS2: 6.8 Medium
Related vulnerabilities
ELSA-2016-2604: resteasy-base security and bug fix update (IMPORTANT)