Vulnerability Details CVE-2016-9606
JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.015
EPSS Ranking 79.8%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 6.8
Products affected by CVE-2016-9606
- cpe:2.3:a:redhat:resteasy:-
- cpe:2.3:a:redhat:resteasy:1.0.0
- cpe:2.3:a:redhat:resteasy:1.0.1
- cpe:2.3:a:redhat:resteasy:1.0.2
- cpe:2.3:a:redhat:resteasy:1.1
- cpe:2.3:a:redhat:resteasy:1.2
- cpe:2.3:a:redhat:resteasy:1.2.1
- cpe:2.3:a:redhat:resteasy:2.0.0
- cpe:2.3:a:redhat:resteasy:2.0.1
- cpe:2.3:a:redhat:resteasy:2.1.0
- cpe:2.3:a:redhat:resteasy:2.2.0
- cpe:2.3:a:redhat:resteasy:2.2.1
- cpe:2.3:a:redhat:resteasy:2.2.2
- cpe:2.3:a:redhat:resteasy:2.2.3
- cpe:2.3:a:redhat:resteasy:2.3.0
- cpe:2.3:a:redhat:resteasy:2.3.1
- cpe:2.3:a:redhat:resteasy:2.3.2
- cpe:2.3:a:redhat:resteasy:2.3.3
- cpe:2.3:a:redhat:resteasy:2.3.4
- cpe:2.3:a:redhat:resteasy:2.3.5
- cpe:2.3:a:redhat:resteasy:2.3.6
- cpe:2.3:a:redhat:resteasy:2.3.7
- cpe:2.3:a:redhat:resteasy:2.3.7.1
- cpe:2.3:a:redhat:resteasy:2.3.7.2
- cpe:2.3:a:redhat:resteasy:2.3.8
- cpe:2.3:a:redhat:resteasy:2.3.9
- cpe:2.3:a:redhat:resteasy:3.0
- cpe:2.3:a:redhat:resteasy:3.0.0
- cpe:2.3:a:redhat:resteasy:3.0.1
- cpe:2.3:a:redhat:resteasy:3.0.10
- cpe:2.3:a:redhat:resteasy:3.0.11
- cpe:2.3:a:redhat:resteasy:3.0.12
- cpe:2.3:a:redhat:resteasy:3.0.13
- cpe:2.3:a:redhat:resteasy:3.0.14
- cpe:2.3:a:redhat:resteasy:3.0.15
- cpe:2.3:a:redhat:resteasy:3.0.16
- cpe:2.3:a:redhat:resteasy:3.0.17
- cpe:2.3:a:redhat:resteasy:3.0.18
- cpe:2.3:a:redhat:resteasy:3.0.19
- cpe:2.3:a:redhat:resteasy:3.0.2
- cpe:2.3:a:redhat:resteasy:3.0.20
- cpe:2.3:a:redhat:resteasy:3.0.21
- cpe:2.3:a:redhat:resteasy:3.0.22
- cpe:2.3:a:redhat:resteasy:3.0.23
- cpe:2.3:a:redhat:resteasy:3.0.24
- cpe:2.3:a:redhat:resteasy:3.0.25
- cpe:2.3:a:redhat:resteasy:3.0.26
- cpe:2.3:a:redhat:resteasy:3.0.4
- cpe:2.3:a:redhat:resteasy:3.0.5
- cpe:2.3:a:redhat:resteasy:3.0.6
- cpe:2.3:a:redhat:resteasy:3.0.7
- cpe:2.3:a:redhat:resteasy:3.0.8
- cpe:2.3:a:redhat:resteasy:3.0.9
- cpe:2.3:a:redhat:resteasy:3.1.0
- cpe:2.3:a:redhat:resteasy:3.1.1