Lucene search
Redhat.comRH:CVE-2018-1051HistoryJan 25, 2018 - 4:50 p.m.
CVE-2018-1051
2018-01-2516:50:00
redhat.com
access.redhat.com
16
EPSS
0.023
Percentile
89.8%
It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via Yaml.load() in YamlProvider.
Mitigation
If the YamlProvider is enabled it's recommended to add authentication, and authorization to the endpoint expecting Yaml content to prevent exploitation of this vulnerability.
Related
debiancve
debiancve
CVE-2018-1051
2018-01-25 20:29:00
CVE-2016-9606
2018-03-09 20:29:00
osv
osv
CVE-2018-1051
2018-01-25 20:29:00
CVE-2016-9606
2018-03-09 20:29:00
ubuntucve
ubuntucve
CVE-2018-1051
2018-01-25 00:00:00
CVE-2016-9606
2018-03-09 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2018-01-26 00:15:27
Remote Code Execution (RCE)
2019-01-15 09:16:49
Remote Code Execution (RCE)
2016-12-16 08:05:27
github
github
JBoss RESTEasy vulnerable to Improper Input Validation
2022-05-14 02:37:13
cvelist
cvelist
CVE-2018-1051
2018-01-25 20:00:00
CVE-2016-9606
2016-12-15 00:00:00
nvd
nvd
cve
cve
prion
prion
Design/Logic Flaw
2018-01-25 20:29:00
Design/Logic Flaw
2018-03-09 20:29:00
Design/Logic Flaw
2017-03-07 15:59:00
redhat
redhat
nessus
nessus
RHEL 6 : JBoss EAP (RHSA-2017:1254)
2017-05-22 00:00:00
RHEL 7 : JBoss EAP (RHSA-2017:1253)
2018-09-04 00:00:00
RHEL 5 : JBoss EAP (RHSA-2017:1256)
2017-05-22 00:00:00
redhatcve
redhatcve
CVE-2016-9606
2019-10-31 10:31:37
impervablog
impervablog
Deserialization Attacks Surge Motivated by Illegal Crypto-mining
2018-01-24 17:45:08