Description
JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions.
It was discovered that under certain conditions RESTEasy could be forced to parse a request with YamlProvider, resulting in unmarshalling of potentially untrusted data. An attacker could possibly use this flaw to execute arbitrary code with the permissions of the application using RESTEasy.
Statement
YamlProvider was removed from the default list of providers to prevent a malicious user from requesting that a payload be unmarshalled with YAML. If unmarshalling of YAML content is desired, add or append a file named 'META-INF/services/javax.ws.rs.ext.Providers' to your WAR or JAR with the contents 'org.jboss.resteasy.plugins.providers.YamlProvider'. If YamlProvider is re-added to the default list of providers, it is recommended to add authentication and authorization to the endpoint expecting YAML content to prevent exploitation of this vulnerability.
Mitigation
Add authentication and authorization to any Resteasy endpoint which doesn't define a mime type, or defines a multipart mime type.
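The endpoint shape the statement and mitigation describe, shown as an added illustration that is not part of this advisory or of RESTEasy's own code: the Order bean, the resource paths and the role name are assumptions.

```java
import javax.annotation.security.RolesAllowed;
import javax.ws.rs.Consumes;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;

// Assumed payload bean; any type a registered MessageBodyReader can produce behaves the same.
class Order {
    public String id;
    public int quantity;
}

// Weak form (the pattern the mitigation warns about): no @Consumes on the entity parameter,
// so the reader is chosen from the client's Content-Type header alone. On RESTEasy < 3.1.2,
// with YamlProvider still on the default provider list, a YAML media type therefore selects
// YamlProvider and the untrusted body is unmarshalled. Nothing authenticates the caller either.
@Path("/orders-weak")
class OrdersResourceWeak {
    @POST
    public Response create(Order order) {
        return Response.status(Response.Status.CREATED).build();
    }
}

// Hardened form: an explicit JSON-only media type, so RESTEasy answers any other Content-Type
// with 415 Unsupported Media Type before a reader is selected, plus role-based authorization as
// the advisory recommends. RESTEasy enforces @RolesAllowed only when the deployment sets the
// resteasy.role.based.security context-param to true in web.xml and the container has
// authenticated the caller.
@Path("/orders")
@Consumes(MediaType.APPLICATION_JSON)
public class OrdersResource {
    @POST
    @RolesAllowed("order-writer")   // assumed role name
    public Response create(Order order) {
        return Response.status(Response.Status.CREATED).build();
    }
}
```

The same restriction applies if YamlProvider is deliberately re-registered through META-INF/services: keep the @Consumes list explicit and the endpoint behind authentication.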
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat BPM Suite 6 | resteasy | Affected | | |
| Red Hat Enterprise Linux 7 | resteasy-base | Not affected | | |
| Red Hat JBoss BRMS 6 | resteasy | Affected | | |
| Red Hat JBoss Fuse 6 | resteasy | Not affected | | |
| Red Hat JBoss Operations Network 3 | resteasy | Not affected | | |
| Red Hat JBoss Portal Platform 6.2 | resteasy | Not affected | | |
| Red Hat Mobile Application Platform 4 | millicore | Not affected | | |
| Red Hat Single Sign-On 7 | resteasy | Not affected | | |
| Red Hat JBoss BPMS 6.4 | | Fixed | RHSA-2017:1675 | 04.07.2017 |
| Red Hat JBoss BPMS 7.1 | | Fixed | RHSA-2018:2909 | 11.10.2018 |
Additional information
Status:
EPSS:
CVSS3: 8.1 High
CVSS2: 6.8 Medium
Related vulnerabilities
JBoss RESTEasy vulnerable to Improper Input Validation
Vulnerability in the YamlProvider component of RESTEasy that allows an attacker to execute arbitrary code