8.1

CVE-2016-9606

JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatResteasy Version <= 3.1.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.18% 0.926
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.1 2.2 5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://access.redhat.com/errata/RHSA-2017:1675
Third Party Advisory
Broken Link
https://access.redhat.com/errata/RHSA-2017:1676
Third Party Advisory
Broken Link
http://rhn.redhat.com/errata/RHSA-2017-1255.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-1409.html
Third Party Advisory
http://www.securityfocus.com/bid/94940
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038524
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2017:1253
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1254
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1256
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1260
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1410
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1411
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1412
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2909
https://access.redhat.com/errata/RHSA-2018:2913
https://bugzilla.redhat.com/show_bug.cgi?id=1400644
Third Party Advisory
Issue Tracking