Redhat Resteasy
8 CVEs affecting Redhat Resteasy. Latest disclosed: 2017-04-20. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2016-6346 | High | 7.5 | 2016-09-07 | RESTEasy enables GZIPInterceptor, which allows remote attackers to cause a denial of service via unspecified vectors. |
| CVE-2016-6345 | Medium | 6.5 | 2016-09-07 | RESTEasy allows remote authenticated users to obtain sensitive information by leveraging "insufficient use of random values" in async jobs. |
| CVE-2016-6347 | Medium | 6.1 | 2017-04-20 | Cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web script or HTML via unspec… |
| CVE-2016-6348 | Medium | 6.1 | 2017-04-12 | JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack. |
| CVE-2014-7839 | | | 2014-11-25 | DocumentProvider in RESTEasy 2.3.7 and 3.0.9 does not configure the (1) external-general-entities or (2) external-parameter-entities features, which allows rem… |
| CVE-2014-3490 | | | 2014-08-19 | RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform (EAP) 6.3.0, does not disable external entities… |
| CVE-2012-0818 | | | 2012-11-23 | RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity (XXE) inje… |
| CVE-2011-5245 | | | 2012-11-23 | The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity ref… |