8.1
CVE-2016-9606
- EPSS 6.18%
- Veröffentlicht 09.03.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 03:01:30
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 6.18% | 0.926 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.1 | 2.2 | 5.9 |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
https://access.redhat.com/errata/RHSA-2017:1675
https://access.redhat.com/errata/RHSA-2017:1676
http://rhn.redhat.com/errata/RHSA-2017-1255.html
http://rhn.redhat.com/errata/RHSA-2017-1409.html
http://www.securityfocus.com/bid/94940
http://www.securitytracker.com/id/1038524
https://access.redhat.com/errata/RHSA-2017:1253
https://access.redhat.com/errata/RHSA-2017:1254
https://access.redhat.com/errata/RHSA-2017:1256
https://access.redhat.com/errata/RHSA-2017:1260
https://access.redhat.com/errata/RHSA-2017:1410
https://access.redhat.com/errata/RHSA-2017:1411
https://access.redhat.com/errata/RHSA-2017:1412
https://access.redhat.com/errata/RHSA-2018:2909
https://access.redhat.com/errata/RHSA-2018:2913
https://bugzilla.redhat.com/show_bug.cgi?id=1400644