← volver
CVE-2016-9606

CVE-2016-9606

EPSS 6.2%CWE-20
JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions.
Productos afectados
Red Hat, Inc. · RESTEasy

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://rhn.redhat.com/errata/RHSA-2017-1255.htmlhttp://rhn.redhat.com/errata/RHSA-2017-1409.htmlhttps://access.redhat.com/errata/RHSA-2017:1253https://access.redhat.com/errata/RHSA-2017:1254https://access.redhat.com/errata/RHSA-2017:1256https://access.redhat.com/errata/RHSA-2017:1260https://access.redhat.com/errata/RHSA-2017:1410https://access.redhat.com/errata/RHSA-2017:1411https://access.redhat.com/errata/RHSA-2017:1412https://access.redhat.com/errata/RHSA-2017:1675https://access.redhat.com/errata/RHSA-2017:1676https://access.redhat.com/errata/RHSA-2018:2909