Redhat >> Resteasy: Security Vulnerabilities

Cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2017-04-20

JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2017-04-12

RESTEasy enables GZIPInterceptor, which allows remote attackers to cause a denial of service via unspecified vectors.
CVSS Score: 7.5 | EPSS Score: 0.02 | Published: 2016-09-07

RESTEasy allows remote authenticated users to obtain sensitive information by leveraging "insufficient use of random values" in async jobs.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2016-09-07

DocumentProvider in RESTEasy 2.3.7 and 3.0.9 does not configure the (1) external-general-entities or (2) external-parameter-entities features, which allows remote attackers to conduct XML external entity (XXE) attacks via unspecified vectors.
CVSS Score: 6.4 | EPSS Score: 0.013 | Published: 2014-11-25

RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform (EAP) 6.3.0, does not disable external entities when the resteasy.document.expand.entity.references parameter is set to false, which allows remote attackers to read arbitrary files and have other unspecified impact via unspecified vectors, related to an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0818.
CVSS Score: 7.5 | EPSS Score: 0.046 | Published: 2014-08-19

The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding (JAXB) input, aka an XML external entity (XXE) injection attack, a similar vulnerability to CVE-2012-0818.
CVSS Score: 5.0 | EPSS Score: 0.009 | Published: 2012-11-23

RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity (XXE) injection attack.
CVSS Score: 5.0 | EPSS Score: 0.014 | Published: 2012-11-23

