Information disclosure in Redhat Resteasy

CVE-2012-0818

RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity (XXE) injection attack.

Vulnerability class: Information Disclosure

EPSS: 0.014 (80.6th percentile) — read the EPSS interpretation.

Affected products

Redhat Resteasy — versions 1.0.0, 1.0.1, 1.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

secalert@redhat.com (x_refsource_MISC)
RHSA-2012:1059 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
51748 (vdb-entry, x_refsource_BID)
secalert@redhat.com (x_refsource_CONFIRM, Patch)
RHSA-2012:1056 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
RHSA-2012:1058 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
51766 (vdb-entry, x_refsource_BID)
78679 (x_refsource_OSVDB, vdb-entry)
RHSA-2012:0519 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
50084 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)