Vulnerability Details CVE-2012-0818
RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity (XXE) injection attack.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.014
EPSS Ranking 79.2%
CVSS Severity
CVSS v2 Score 5.0
References
- http://rhn.redhat.com/errata/RHSA-2012-0441.html
- http://rhn.redhat.com/errata/RHSA-2012-0519.html
- http://rhn.redhat.com/errata/RHSA-2012-1056.html
- http://rhn.redhat.com/errata/RHSA-2012-1057.html
- http://rhn.redhat.com/errata/RHSA-2012-1058.html
- http://rhn.redhat.com/errata/RHSA-2012-1059.html
- http://rhn.redhat.com/errata/RHSA-2012-1125.html
- http://rhn.redhat.com/errata/RHSA-2014-0371.html
- http://rhn.redhat.com/errata/RHSA-2014-0372.html
- http://secunia.com/advisories/47818
- http://secunia.com/advisories/47832
- http://secunia.com/advisories/48697
- http://secunia.com/advisories/48954
- http://secunia.com/advisories/50084
- http://secunia.com/advisories/57716
- http://secunia.com/advisories/57719
- http://www.osvdb.org/78679
- http://www.securityfocus.com/bid/51748
- http://www.securityfocus.com/bid/51766
- https://bugzilla.redhat.com/show_bug.cgi?id=785631
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72808
- https://issues.jboss.org/browse/RESTEASY-637
- http://rhn.redhat.com/errata/RHSA-2012-0441.html
- http://rhn.redhat.com/errata/RHSA-2012-0519.html
- http://rhn.redhat.com/errata/RHSA-2012-1056.html
- http://rhn.redhat.com/errata/RHSA-2012-1057.html
- http://rhn.redhat.com/errata/RHSA-2012-1058.html
- http://rhn.redhat.com/errata/RHSA-2012-1059.html
- http://rhn.redhat.com/errata/RHSA-2012-1125.html
- http://rhn.redhat.com/errata/RHSA-2014-0371.html
- http://rhn.redhat.com/errata/RHSA-2014-0372.html
- http://secunia.com/advisories/47818
- http://secunia.com/advisories/47832
- http://secunia.com/advisories/48697
- http://secunia.com/advisories/48954
- http://secunia.com/advisories/50084
- http://secunia.com/advisories/57716
- http://secunia.com/advisories/57719
- http://www.osvdb.org/78679
- http://www.securityfocus.com/bid/51748
- http://www.securityfocus.com/bid/51766
- https://bugzilla.redhat.com/show_bug.cgi?id=785631
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72808
- https://issues.jboss.org/browse/RESTEASY-637
Products affected by CVE-2012-0818
-
cpe:2.3:a:redhat:resteasy:-
-
cpe:2.3:a:redhat:resteasy:1.0.0
-
cpe:2.3:a:redhat:resteasy:1.0.1
-
cpe:2.3:a:redhat:resteasy:1.0.2
-
cpe:2.3:a:redhat:resteasy:1.1
-
cpe:2.3:a:redhat:resteasy:1.2
-
cpe:2.3:a:redhat:resteasy:1.2.1
-
cpe:2.3:a:redhat:resteasy:2.0.0
-
cpe:2.3:a:redhat:resteasy:2.0.1
-
cpe:2.3:a:redhat:resteasy:2.1.0
-
cpe:2.3:a:redhat:resteasy:2.2.0
-
cpe:2.3:a:redhat:resteasy:2.2.1
-
cpe:2.3:a:redhat:resteasy:2.2.2
-
cpe:2.3:a:redhat:resteasy:2.2.3
-
cpe:2.3:a:redhat:resteasy:2.3.0