Search CVE reports


11 – 20 of 21 results


CVE-2016-9606

Medium priority
Ignored

JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with...

1 affected package

resteasy

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| resteasy | Not affected | Not affected | Not affected | Not in release |

CVE-2018-1051

Low priority
Ignored

It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via `Yaml.load()` in YamlProvider.

2 affected packages

resteasy, resteasy3.0

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| resteasy | Not affected | Not affected | Not affected | Not in release |
| resteasy3.0 | Not affected | Not affected | Not affected | Not affected |

CVE-2017-7561

Medium priority
Vulnerable

Red Hat JBoss EAP versions 3.0.7 through before 4.0.0.Beta1 are vulnerable to server-side cache poisoning or CORS requests in the JAX-RS component, resulting in a moderate impact.

2 affected packages

resteasy, resteasy3.0

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| resteasy | Not affected | Not affected | Not affected | Not in release |
| resteasy3.0 | Not affected | Not affected | Not affected | Vulnerable |

CVE-2016-7050

Medium priority

Some fixes available 1 of 4

SerializableProvider in RESTEasy in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to execute arbitrary code.

2 affected packages

resteasy, resteasy3.0

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| resteasy | Not affected | Not affected | Not affected | Not in release |
| resteasy3.0 | Not affected | Not affected | Not affected | Not affected |

CVE-2017-7492

Negligible priority
Ignored

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-7503. Reason: This candidate is a reservation duplicate of CVE-2017-7503. Notes: All CVE users should reference CVE-2017-7503 instead of this candidate. All...

1 affected package

resteasy

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| resteasy | | | | |

CVE-2016-6347

Medium priority

Some fixes available 1 of 12

Cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

2 affected packages

resteasy, resteasy3.0

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| resteasy | Not affected | Not affected | Not affected | Not in release |
| resteasy3.0 | Not affected | Not affected | Not affected | Not affected |

CVE-2016-6348

Medium priority

Some fixes available 1 of 12

JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack.

2 affected packages

resteasy, resteasy3.0

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| resteasy | Not affected | Not affected | Not affected | Not in release |
| resteasy3.0 | Not affected | Not affected | Not affected | Not affected |

CVE-2016-9571

Medium priority
Ignored

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-9606. Reason: This candidate is a duplicate of CVE-2016-9606. Reason: this ID was intended for one issue, but was associated with two issues. Notes: All...

1 affected package

resteasy

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| resteasy | | | | |

CVE-2016-6346

Low priority

Some fixes available 1 of 4

RESTEasy enables GZIPInterceptor, which allows remote attackers to cause a denial of service via unspecified vectors.

2 affected packages

resteasy, resteasy3.0

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| resteasy | Not affected | Not affected | Not affected | Not in release |
| resteasy3.0 | Not affected | Not affected | Not affected | Not affected |

CVE-2016-6345

Medium priority

Some fixes available 1 of 12

RESTEasy allows remote authenticated users to obtain sensitive information by leveraging "insufficient use of random values" in async jobs.

2 affected packages

resteasy, resteasy3.0

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| resteasy | Not affected | Not affected | Not affected | Not in release |
| resteasy3.0 | Not affected | Not affected | Not affected | Not affected |