Lucene search
Redhat.comRH:CVE-2016-9606HistoryOct 31, 2019 - 10:31 a.m.
CVE-2016-9606
2019-10-3110:31:37
redhat.com
access.redhat.com
20
EPSS
0.017
Percentile
87.9%
It was discovered that under certain conditions RESTEasy could be forced to parse a request with YamlProvider, resulting in unmarshalling of potentially untrusted data. An attacker could possibly use this flaw execute arbitrary code with the permissions of the application using RESTEasy.
Mitigation
Add authentication and authorization to any Resteasy endpoint which doesn't define a mime type, or defines a multipart mime type.
Related
redhat
redhat
veracode
veracode
Remote Code Execution (RCE)
2019-01-15 09:16:49
Remote Code Execution (RCE)
2016-12-16 08:05:27
Remote Code Execution (RCE)
2018-01-26 00:15:27
cvelist
cvelist
CVE-2016-9606
2018-03-09 20:00:00
CVE-2018-1051
2018-01-25 20:00:00
nessus
nessus
RHEL 6 : jboss-ec2-eap (RHSA-2017:1260)
2017-05-19 00:00:00
RHEL 5 : JBoss EAP (RHSA-2017:1256)
2017-05-22 00:00:00
RHEL 7 : JBoss EAP (RHSA-2017:1253)
2018-09-04 00:00:00
cve
cve
nvd
nvd
github
github
JBoss RESTEasy vulnerable to Improper Input Validation
2022-05-14 02:37:13
debiancve
debiancve
CVE-2016-9606
2018-03-09 20:29:00
CVE-2018-1051
2018-01-25 20:29:00
osv
osv
JBoss RESTEasy vulnerable to Improper Input Validation
2022-05-14 02:37:13
CVE-2016-9606
2018-03-09 20:29:00
CVE-2018-1051
2018-01-25 20:29:00
prion
prion
Design/Logic Flaw
2018-03-09 20:29:00
Design/Logic Flaw
2017-03-07 15:59:00
Design/Logic Flaw
2018-01-25 20:29:00
ubuntucve
ubuntucve
CVE-2016-9606
2018-03-09 00:00:00
CVE-2018-1051
2018-01-25 00:00:00
redhatcve
redhatcve
CVE-2018-1051
2018-01-25 16:50:00
impervablog
impervablog
Deserialization Attacks Surge Motivated by Illegal Crypto-mining
2018-01-24 17:45:08