Lucene search

K

RedhatCVELIST:CVE-2016-9606

HistoryMar 09, 2018 - 8:00 p.m.

CVE-2016-9606

2018-03-0920:00:00

CWE-20

redhat

www.cve.org

10

AI Score

8.2

Confidence

High

EPSS

0.017

Percentile

87.9%

JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions.

CNA Affected

[
  {
    "product": "RESTEasy",
    "vendor": "Red Hat, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "3.1.2"
      }
    ]
  }
]

References

rhn.redhat.com/errata/RHSA-2017-1255.html

rhn.redhat.com/errata/RHSA-2017-1409.html

www.securityfocus.com/bid/94940

www.securitytracker.com/id/1038524

access.redhat.com/errata/RHSA-2017:1253

access.redhat.com/errata/RHSA-2017:1254

access.redhat.com/errata/RHSA-2017:1256

access.redhat.com/errata/RHSA-2017:1260

access.redhat.com/errata/RHSA-2017:1410

access.redhat.com/errata/RHSA-2017:1411

access.redhat.com/errata/RHSA-2017:1412

access.redhat.com/errata/RHSA-2017:1675

access.redhat.com/errata/RHSA-2017:1676

access.redhat.com/errata/RHSA-2018:2909

access.redhat.com/errata/RHSA-2018:2913

bugzilla.redhat.com/show_bug.cgi?id=1400644

AI Score

8.2

Confidence

High

EPSS

0.017

Percentile

87.9%

Related for CVELIST:CVE-2016-9606

redhat13 veracode3 nessus7 cve3 nvd3 github2 redhatcve2 debiancve2 osv4 prion3 ubuntucve2 cvelist1 impervablog1