Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-QJPQ-5PQ3-43RR
HistoryMay 14, 2022 - 1:18 a.m.

Incorrect Privilege Assignment in RESTEasy

2022-05-1401:18:38
Google
osv.dev
20
resteasy
privilege assignment
red hat jboss enterprise application platform

EPSS

0.009

Percentile

83.1%

JSON

RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform (EAP) 6.3.0, does not disable external entities when the resteasy.document.expand.entity.references parameter is set to false, which allows remote attackers to read arbitrary files and have other unspecified impact via unspecified vectors, related to an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0818.

Related

mageia 1
cvelist 3
nvd 3
cve 3
redhat 17
nessus 9
centos 1
openvas 5
github 3
prion 3
veracode 2
oraclelinux 1
osv 2
ibm 2
checkpoint_advisories 1
fedora 1
oracle 1
mageia
mageia
Updated resteasy package fix CVE-2014-3490
2014-12-26 20:04:58
cvelist
cvelist
CVE-2014-3490
2014-08-19 18:00:00
CVE-2012-0818
2012-11-23 20:00:00
CVE-2011-5245
2012-11-23 20:00:00
nvd
nvd
CVE-2014-3490
2014-08-19 18:55:02
CVE-2012-0818
2012-11-23 20:55:02
CVE-2011-5245
2012-11-23 20:55:02
cve
cve
CVE-2014-3490
2014-08-19 18:55:02
CVE-2012-0818
2012-11-23 20:55:02
CVE-2011-5245
2012-11-23 20:55:02
redhat
redhat
(RHSA-2014:1040) Moderate: Red Hat JBoss Enterprise Application Platform 6.3.0 security update
2014-08-11 00:00:00
(RHSA-2014:1011) Moderate: resteasy-base security update
2014-08-06 00:00:00
(RHSA-2014:1298) Moderate: Red Hat JBoss Data Grid 6.3.1 update
2014-09-24 16:49:09
nessus
nessus
RHEL 7 : resteasy-base (RHSA-2014:1011)
2014-08-06 00:00:00
RHEL 5 / 6 / 7 : JBoss EAP (RHSA-2014:1040)
2014-08-13 00:00:00
Oracle Linux 7 : resteasy-base (ELSA-2014-1011)
2014-08-06 00:00:00
centos
centos
resteasy security update
2014-08-06 14:38:38
openvas
openvas
Mageia: Security Advisory (MGASA-2014-0547)
2022-01-28 00:00:00
RedHat Update for resteasy-base RHSA-2014:1011-01
2014-08-06 00:00:00
CentOS Update for resteasy-base CESA-2014:1011 centos7
2014-09-10 00:00:00
github
github
Incorrect Privilege Assignment in RESTEasy
2022-05-14 01:18:38
Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy
2022-05-17 01:49:58
Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy
2022-05-17 01:50:09
prion
prion
Xxe
2014-08-19 18:55:00
Xxe
2012-11-23 20:55:00
Xxe
2012-11-23 20:55:00
veracode
veracode
Arbitrary File Access With External Entities
2019-01-15 08:58:57
XML External Entity (XXE) To Read Files
2019-01-15 08:54:05
oraclelinux
oraclelinux
resteasy-base security update
2014-08-05 00:00:00
osv
osv
Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy
2022-05-17 01:49:58
Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy
2022-05-17 01:50:09
ibm
ibm
Security Bulletin: JBoss RestEasy vulnerabilities in IBM Emptoris Contract Management (CVE-2014-3490)
2018-06-16 19:40:59
Security Bulletins for Emptoris Contract Management
2018-12-08 16:15:01
checkpoint_advisories
checkpoint_advisories
Red Hat JBoss RESTEasy PARAMETER ENTITY XXE Information Disclosure (CVE-2014-3490)
2014-10-13 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: resteasy-3.0.6-3.fc20
2015-04-24 22:47:08
oracle
oracle
Oracle Critical Patch Update - October 2018
2018-12-18 00:00:00

EPSS

0.009

Percentile

83.1%

JSON
Related for OSV:GHSA-QJPQ-5PQ3-43RR
mageia1cvelist3nvd3cve3redhat17nessus9centos1openvas5github3prion3veracode2oraclelinux1osv2ibm2checkpoint_advisories1fedora1oracle1