Lucene search

PRIOn knowledge basePRION:CVE-2016-9606

HistoryMar 09, 2018 - 8:29 p.m.

Design/Logic Flaw

2018-03-0920:29:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

Low

0.023 Low

EPSS

Percentile

89.8%

JSON

JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions.

CPENameOperatorVersion
resteasyle3.1.1

CPE	Name	Operator	Version
	resteasy	le	3.1.1

References

rhn.redhat.com/errata/RHSA-2017-1255.html

rhn.redhat.com/errata/RHSA-2017-1409.html

www.securityfocus.com/bid/94940

www.securitytracker.com/id/1038524

access.redhat.com/errata/RHSA-2017:1253

access.redhat.com/errata/RHSA-2017:1254

access.redhat.com/errata/RHSA-2017:1256

access.redhat.com/errata/RHSA-2017:1260

access.redhat.com/errata/RHSA-2017:1410

access.redhat.com/errata/RHSA-2017:1411

access.redhat.com/errata/RHSA-2017:1412

access.redhat.com/errata/RHSA-2017:1675

access.redhat.com/errata/RHSA-2017:1676

access.redhat.com/errata/RHSA-2018:2909

access.redhat.com/errata/RHSA-2018:2913

bugzilla.redhat.com/show_bug.cgi?id=1400644