CVE-2016-9606

Published: Mar 9, 2018

Modified: Sep 16, 2024

PUBLISHED

Description

JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions.

Vendor	Product	Versions
Red Hat, Inc.	RESTEasy	affected `3.1.2`

Weaknesses (CWE)

CWE-20

References

RHSA-2017:1411

vendor-advisory

x_refsource_REDHAT

RHSA-2017:1409

vendor-advisory

x_refsource_REDHAT

94940

vdb-entry

x_refsource_BID

https://bugzilla.redhat.com/show_bug.cgi?id=1400644

x_refsource_CONFIRM

RHSA-2017:1675

vendor-advisory

x_refsource_REDHAT

1038524

vdb-entry

x_refsource_SECTRACK

RHSA-2017:1254

vendor-advisory

x_refsource_REDHAT

RHSA-2017:1410

vendor-advisory

x_refsource_REDHAT

RHSA-2017:1255

vendor-advisory

x_refsource_REDHAT

RHSA-2017:1412

vendor-advisory

x_refsource_REDHAT

RHSA-2018:2909

vendor-advisory

x_refsource_REDHAT

RHSA-2017:1256

vendor-advisory

x_refsource_REDHAT

RHSA-2017:1253

vendor-advisory

x_refsource_REDHAT

RHSA-2017:1260

vendor-advisory

x_refsource_REDHAT

RHSA-2017:1676

vendor-advisory

x_refsource_REDHAT

RHSA-2018:2913

vendor-advisory

x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2016-9606

Description

Affected Products

Weaknesses (CWE)

References