8.1

CVE-2016-9606

JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatResteasy Version <= 3.1.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.36% 0.795
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.1 2.2 5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://access.redhat.com/errata/RHSA-2017:1675
Third Party Advisory
Broken Link
https://access.redhat.com/errata/RHSA-2017:1676
Third Party Advisory
Broken Link
http://www.securityfocus.com/bid/94940
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038524
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1400644
Third Party Advisory
Issue Tracking