← back
CVE-2016-9606

CVE-2016-9606

EPSS 6.2%CWE-20
JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions.
Affected products
Red Hat, Inc. · RESTEasy

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://rhn.redhat.com/errata/RHSA-2017-1255.htmlhttp://rhn.redhat.com/errata/RHSA-2017-1409.htmlhttps://access.redhat.com/errata/RHSA-2017:1253https://access.redhat.com/errata/RHSA-2017:1254https://access.redhat.com/errata/RHSA-2017:1256https://access.redhat.com/errata/RHSA-2017:1260https://access.redhat.com/errata/RHSA-2017:1410https://access.redhat.com/errata/RHSA-2017:1411https://access.redhat.com/errata/RHSA-2017:1412https://access.redhat.com/errata/RHSA-2017:1675https://access.redhat.com/errata/RHSA-2017:1676https://access.redhat.com/errata/RHSA-2018:2909