
    6 vulnerabilities found for RESTEasy by Red Hat, Inc.

    CVE-2016-9606 (GCVE-0-2016-9606)

    Vulnerability from nvd – Published: 2018-03-09 20:00 – Updated: 2024-09-16 22:30
    VLAI
    Summary
    JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2017:1411 vendor-advisory, x_refsource_REDHAT
    http://rhn.redhat.com/errata/RHSA-2017-1409.html vendor-advisory, x_refsource_REDHAT
    http://www.securityfocus.com/bid/94940 vdb-entry, x_refsource_BID
    https://bugzilla.redhat.com/show_bug.cgi?id=1400644 x_refsource_CONFIRM
    https://access.redhat.com/errata/RHSA-2017:1675 vendor-advisory, x_refsource_REDHAT
    http://www.securitytracker.com/id/1038524 vdb-entry, x_refsource_SECTRACK
    https://access.redhat.com/errata/RHSA-2017:1254 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:1410 vendor-advisory, x_refsource_REDHAT
    http://rhn.redhat.com/errata/RHSA-2017-1255.html vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:1412 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2909 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:1256 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:1253 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:1260 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:1676 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2913 vendor-advisory, x_refsource_REDHAT
    Impacted products
    Date Public
    2016-12-15 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:59:03.093Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2017:1411",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1411"
              },
              {
                "name": "RHSA-2017:1409",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2017-1409.html"
              },
              {
                "name": "94940",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/94940"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1400644"
              },
              {
                "name": "RHSA-2017:1675",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1675"
              },
              {
                "name": "1038524",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038524"
              },
              {
                "name": "RHSA-2017:1254",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1254"
              },
              {
                "name": "RHSA-2017:1410",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1410"
              },
              {
                "name": "RHSA-2017:1255",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2017-1255.html"
              },
              {
                "name": "RHSA-2017:1412",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1412"
              },
              {
                "name": "RHSA-2018:2909",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2909"
              },
              {
                "name": "RHSA-2017:1256",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1256"
              },
              {
                "name": "RHSA-2017:1253",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1253"
              },
              {
                "name": "RHSA-2017:1260",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1260"
              },
              {
                "name": "RHSA-2017:1676",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1676"
              },
              {
                "name": "RHSA-2018:2913",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2913"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RESTEasy",
              "vendor": "Red Hat, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1.2"
                }
              ]
            }
          ],
          "datePublic": "2016-12-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T09:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2017:1411",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1411"
            },
            {
              "name": "RHSA-2017:1409",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2017-1409.html"
            },
            {
              "name": "94940",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/94940"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1400644"
            },
            {
              "name": "RHSA-2017:1675",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1675"
            },
            {
              "name": "1038524",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038524"
            },
            {
              "name": "RHSA-2017:1254",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1254"
            },
            {
              "name": "RHSA-2017:1410",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1410"
            },
            {
              "name": "RHSA-2017:1255",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2017-1255.html"
            },
            {
              "name": "RHSA-2017:1412",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1412"
            },
            {
              "name": "RHSA-2018:2909",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2909"
            },
            {
              "name": "RHSA-2017:1256",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1256"
            },
            {
              "name": "RHSA-2017:1253",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1253"
            },
            {
              "name": "RHSA-2017:1260",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1260"
            },
            {
              "name": "RHSA-2017:1676",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1676"
            },
            {
              "name": "RHSA-2018:2913",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2913"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "DATE_PUBLIC": "2016-12-15T00:00:00",
              "ID": "CVE-2016-9606",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "RESTEasy",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Red Hat, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-20"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "RHSA-2017:1411",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1411"
                },
                {
                  "name": "RHSA-2017:1409",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2017-1409.html"
                },
                {
                  "name": "94940",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/94940"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1400644",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1400644"
                },
                {
                  "name": "RHSA-2017:1675",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1675"
                },
                {
                  "name": "1038524",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038524"
                },
                {
                  "name": "RHSA-2017:1254",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1254"
                },
                {
                  "name": "RHSA-2017:1410",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1410"
                },
                {
                  "name": "RHSA-2017:1255",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2017-1255.html"
                },
                {
                  "name": "RHSA-2017:1412",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1412"
                },
                {
                  "name": "RHSA-2018:2909",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2909"
                },
                {
                  "name": "RHSA-2017:1256",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1256"
                },
                {
                  "name": "RHSA-2017:1253",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1253"
                },
                {
                  "name": "RHSA-2017:1260",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1260"
                },
                {
                  "name": "RHSA-2017:1676",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1676"
                },
                {
                  "name": "RHSA-2018:2913",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2913"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2016-9606",
        "datePublished": "2018-03-09T20:00:00.000Z",
        "dateReserved": "2016-11-23T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:30:39.289Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1051 (GCVE-0-2018-1051)

    Vulnerability from nvd – Published: 2018-01-25 20:00 – Updated: 2024-08-05 03:44
    VLAI
    Summary
    It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via `Yaml.load()` in YamlProvider.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Red Hat, Inc. resteasy Affected: after 3.0.22
    Affected: after 3.1.2
    Date Public
    2018-01-18 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:44:11.805Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1535411"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "resteasy",
              "vendor": "Red Hat, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "after 3.0.22"
                },
                {
                  "status": "affected",
                  "version": "after 3.1.2"
                }
              ]
            }
          ],
          "datePublic": "2018-01-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via `Yaml.load()` in YamlProvider."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-25T19:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1535411"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2018-1051",
        "datePublished": "2018-01-25T20:00:00.000Z",
        "dateReserved": "2017-12-04T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:44:11.805Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-7561 (GCVE-0-2017-7561)

    Vulnerability from nvd – Published: 2017-09-13 17:00 – Updated: 2024-09-16 22:35
    VLAI
    Summary
    Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2018:0479 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:0481 vendor-advisory, x_refsource_REDHAT
    http://www.securityfocus.com/bid/100465 vdb-entry, x_refsource_BID
    https://access.redhat.com/errata/RHSA-2018:0002 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:0004 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:0003 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:0480 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:0005 vendor-advisory, x_refsource_REDHAT
    https://issues.jboss.org/browse/RESTEASY-1704 x_refsource_MISC
    https://access.redhat.com/errata/RHSA-2018:0478 vendor-advisory, x_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat, Inc. resteasy Affected: 3.0.7 through before 4.0.0Beta1
    Date Public
    2017-08-22 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:04:12.046Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2018:0479",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:0479"
              },
              {
                "name": "RHSA-2018:0481",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:0481"
              },
              {
                "name": "100465",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/100465"
              },
              {
                "name": "RHSA-2018:0002",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:0002"
              },
              {
                "name": "RHSA-2018:0004",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:0004"
              },
              {
                "name": "RHSA-2018:0003",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:0003"
              },
              {
                "name": "RHSA-2018:0480",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:0480"
              },
              {
                "name": "RHSA-2018:0005",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:0005"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://issues.jboss.org/browse/RESTEASY-1704"
              },
              {
                "name": "RHSA-2018:0478",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:0478"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "resteasy",
              "vendor": "Red Hat, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.0.7 through before 4.0.0Beta1"
                }
              ]
            }
          ],
          "datePublic": "2017-08-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-346",
                  "description": "CWE-346",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-13T09:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2018:0479",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:0479"
            },
            {
              "name": "RHSA-2018:0481",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:0481"
            },
            {
              "name": "100465",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/100465"
            },
            {
              "name": "RHSA-2018:0002",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:0002"
            },
            {
              "name": "RHSA-2018:0004",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:0004"
            },
            {
              "name": "RHSA-2018:0003",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:0003"
            },
            {
              "name": "RHSA-2018:0480",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:0480"
            },
            {
              "name": "RHSA-2018:0005",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:0005"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://issues.jboss.org/browse/RESTEASY-1704"
            },
            {
              "name": "RHSA-2018:0478",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:0478"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "DATE_PUBLIC": "2017-08-22T00:00:00",
              "ID": "CVE-2017-7561",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "resteasy",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.0.7 through before 4.0.0Beta1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Red Hat, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-346"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "RHSA-2018:0479",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:0479"
                },
                {
                  "name": "RHSA-2018:0481",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:0481"
                },
                {
                  "name": "100465",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/100465"
                },
                {
                  "name": "RHSA-2018:0002",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:0002"
                },
                {
                  "name": "RHSA-2018:0004",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:0004"
                },
                {
                  "name": "RHSA-2018:0003",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:0003"
                },
                {
                  "name": "RHSA-2018:0480",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:0480"
                },
                {
                  "name": "RHSA-2018:0005",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:0005"
                },
                {
                  "name": "https://issues.jboss.org/browse/RESTEASY-1704",
                  "refsource": "MISC",
                  "url": "https://issues.jboss.org/browse/RESTEASY-1704"
                },
                {
                  "name": "RHSA-2018:0478",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:0478"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2017-7561",
        "datePublished": "2017-09-13T17:00:00.000Z",
        "dateReserved": "2017-04-05T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:35:06.807Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-9606 (GCVE-0-2016-9606)

    Vulnerability from cvelistv5 – Published: 2018-03-09 20:00 – Updated: 2024-09-16 22:30
    Summary
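    JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data, which could allow an attacker to execute arbitrary code with RESTEasy application permissions. Note that the record's structured version field below lists only "3.1.2" with status "affected", and the CVE-2018-1051 entry on this page describes the fix in 3.0.22 and 3.1.2 as incomplete, so the prose range should not be read as a confirmed fixed version.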
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2017:1411 vendor-advisory, x_refsource_REDHAT
    http://rhn.redhat.com/errata/RHSA-2017-1409.html vendor-advisory, x_refsource_REDHAT
    http://www.securityfocus.com/bid/94940 vdb-entry, x_refsource_BID
    https://bugzilla.redhat.com/show_bug.cgi?id=1400644 x_refsource_CONFIRM
    https://access.redhat.com/errata/RHSA-2017:1675 vendor-advisory, x_refsource_REDHAT
    http://www.securitytracker.com/id/1038524 vdb-entry, x_refsource_SECTRACK
    https://access.redhat.com/errata/RHSA-2017:1254 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:1410 vendor-advisory, x_refsource_REDHAT
    http://rhn.redhat.com/errata/RHSA-2017-1255.html vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:1412 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2909 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:1256 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:1253 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:1260 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:1676 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2913 vendor-advisory, x_refsource_REDHAT
    Impacted products
    Date Public
    2016-12-15 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:59:03.093Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2017:1411",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1411"
              },
              {
                "name": "RHSA-2017:1409",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2017-1409.html"
              },
              {
                "name": "94940",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/94940"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1400644"
              },
              {
                "name": "RHSA-2017:1675",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1675"
              },
              {
                "name": "1038524",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038524"
              },
              {
                "name": "RHSA-2017:1254",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1254"
              },
              {
                "name": "RHSA-2017:1410",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1410"
              },
              {
                "name": "RHSA-2017:1255",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2017-1255.html"
              },
              {
                "name": "RHSA-2017:1412",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1412"
              },
              {
                "name": "RHSA-2018:2909",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2909"
              },
              {
                "name": "RHSA-2017:1256",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1256"
              },
              {
                "name": "RHSA-2017:1253",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1253"
              },
              {
                "name": "RHSA-2017:1260",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1260"
              },
              {
                "name": "RHSA-2017:1676",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1676"
              },
              {
                "name": "RHSA-2018:2913",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2913"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RESTEasy",
              "vendor": "Red Hat, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1.2"
                }
              ]
            }
          ],
          "datePublic": "2016-12-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T09:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2017:1411",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1411"
            },
            {
              "name": "RHSA-2017:1409",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2017-1409.html"
            },
            {
              "name": "94940",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/94940"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1400644"
            },
            {
              "name": "RHSA-2017:1675",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1675"
            },
            {
              "name": "1038524",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038524"
            },
            {
              "name": "RHSA-2017:1254",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1254"
            },
            {
              "name": "RHSA-2017:1410",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1410"
            },
            {
              "name": "RHSA-2017:1255",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2017-1255.html"
            },
            {
              "name": "RHSA-2017:1412",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1412"
            },
            {
              "name": "RHSA-2018:2909",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2909"
            },
            {
              "name": "RHSA-2017:1256",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1256"
            },
            {
              "name": "RHSA-2017:1253",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1253"
            },
            {
              "name": "RHSA-2017:1260",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1260"
            },
            {
              "name": "RHSA-2017:1676",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1676"
            },
            {
              "name": "RHSA-2018:2913",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2913"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "DATE_PUBLIC": "2016-12-15T00:00:00",
              "ID": "CVE-2016-9606",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "RESTEasy",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Red Hat, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-20"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "RHSA-2017:1411",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1411"
                },
                {
                  "name": "RHSA-2017:1409",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2017-1409.html"
                },
                {
                  "name": "94940",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/94940"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1400644",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1400644"
                },
                {
                  "name": "RHSA-2017:1675",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1675"
                },
                {
                  "name": "1038524",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038524"
                },
                {
                  "name": "RHSA-2017:1254",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1254"
                },
                {
                  "name": "RHSA-2017:1410",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1410"
                },
                {
                  "name": "RHSA-2017:1255",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2017-1255.html"
                },
                {
                  "name": "RHSA-2017:1412",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1412"
                },
                {
                  "name": "RHSA-2018:2909",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2909"
                },
                {
                  "name": "RHSA-2017:1256",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1256"
                },
                {
                  "name": "RHSA-2017:1253",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1253"
                },
                {
                  "name": "RHSA-2017:1260",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1260"
                },
                {
                  "name": "RHSA-2017:1676",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1676"
                },
                {
                  "name": "RHSA-2018:2913",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2913"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2016-9606",
        "datePublished": "2018-03-09T20:00:00.000Z",
        "dateReserved": "2016-11-23T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:30:39.289Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1051 (GCVE-0-2018-1051)

    Vulnerability from cvelistv5 – Published: 2018-01-25 20:00 – Updated: 2024-08-05 03:44
    Summary
    It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete: YAML unmarshalling in RESTEasy is still possible via `Yaml.load()` in YamlProvider.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Red Hat, Inc. resteasy Affected: after 3.0.22
    Affected: after 3.1.2
    Date Public
    2018-01-18 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:44:11.805Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1535411"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "resteasy",
              "vendor": "Red Hat, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "after 3.0.22"
                },
                {
                  "status": "affected",
                  "version": "after 3.1.2"
                }
              ]
            }
          ],
          "datePublic": "2018-01-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via `Yaml.load()` in YamlProvider."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-25T19:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1535411"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2018-1051",
        "datePublished": "2018-01-25T20:00:00.000Z",
        "dateReserved": "2017-12-04T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:44:11.805Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-7561 (GCVE-0-2017-7561)

    Vulnerability from cvelistv5 – Published: 2017-09-13 17:00 – Updated: 2024-09-16 22:35
    Summary
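    Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to server-side cache poisoning or CORS requests in the JAX-RS component, resulting in a moderate impact. The version range matches the one this record lists for the resteasy product under "Impacted products", so it presumably refers to the RESTEasy component rather than to EAP releases.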
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2018:0479 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:0481 vendor-advisory, x_refsource_REDHAT
    http://www.securityfocus.com/bid/100465 vdb-entry, x_refsource_BID
    https://access.redhat.com/errata/RHSA-2018:0002 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:0004 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:0003 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:0480 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:0005 vendor-advisory, x_refsource_REDHAT
    https://issues.jboss.org/browse/RESTEASY-1704 x_refsource_MISC
    https://access.redhat.com/errata/RHSA-2018:0478 vendor-advisory, x_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat, Inc. resteasy Affected: 3.0.7 through before 4.0.0Beta1
    Date Public
    2017-08-22 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:04:12.046Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2018:0479",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:0479"
              },
              {
                "name": "RHSA-2018:0481",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:0481"
              },
              {
                "name": "100465",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/100465"
              },
              {
                "name": "RHSA-2018:0002",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:0002"
              },
              {
                "name": "RHSA-2018:0004",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:0004"
              },
              {
                "name": "RHSA-2018:0003",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:0003"
              },
              {
                "name": "RHSA-2018:0480",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:0480"
              },
              {
                "name": "RHSA-2018:0005",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:0005"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://issues.jboss.org/browse/RESTEASY-1704"
              },
              {
                "name": "RHSA-2018:0478",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:0478"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "resteasy",
              "vendor": "Red Hat, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.0.7 through before 4.0.0Beta1"
                }
              ]
            }
          ],
          "datePublic": "2017-08-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-346",
                  "description": "CWE-346",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-13T09:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2018:0479",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:0479"
            },
            {
              "name": "RHSA-2018:0481",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:0481"
            },
            {
              "name": "100465",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/100465"
            },
            {
              "name": "RHSA-2018:0002",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:0002"
            },
            {
              "name": "RHSA-2018:0004",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:0004"
            },
            {
              "name": "RHSA-2018:0003",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:0003"
            },
            {
              "name": "RHSA-2018:0480",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:0480"
            },
            {
              "name": "RHSA-2018:0005",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:0005"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://issues.jboss.org/browse/RESTEASY-1704"
            },
            {
              "name": "RHSA-2018:0478",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:0478"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "DATE_PUBLIC": "2017-08-22T00:00:00",
              "ID": "CVE-2017-7561",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "resteasy",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.0.7 through before 4.0.0Beta1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Red Hat, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Red Hat JBoss EAP version 3.0.7 up to, but not including, 4.0.0.Beta1 is vulnerable to server-side cache poisoning or CORS requests in the JAX-RS component, resulting in a moderate impact."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-346"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "RHSA-2018:0479",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:0479"
                },
                {
                  "name": "RHSA-2018:0481",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:0481"
                },
                {
                  "name": "100465",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/100465"
                },
                {
                  "name": "RHSA-2018:0002",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:0002"
                },
                {
                  "name": "RHSA-2018:0004",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:0004"
                },
                {
                  "name": "RHSA-2018:0003",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:0003"
                },
                {
                  "name": "RHSA-2018:0480",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:0480"
                },
                {
                  "name": "RHSA-2018:0005",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:0005"
                },
                {
                  "name": "https://issues.jboss.org/browse/RESTEASY-1704",
                  "refsource": "MISC",
                  "url": "https://issues.jboss.org/browse/RESTEASY-1704"
                },
                {
                  "name": "RHSA-2018:0478",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:0478"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2017-7561",
        "datePublished": "2017-09-13T17:00:00.000Z",
        "dateReserved": "2017-04-05T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:35:06.807Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }