23 matches found
GHSA-G4JG-GPWV-P7WV Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy
The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding (JAXB) input, aka an XML external entity (XXE) injection attack, a similar vulnerability to...
Arbitrary File Access With External Entities
RESTEasy is vulnerable to arbitrary file access. When the resteasy.document.expand.entity.references parameter is set to false, it disables external entities. This vulnerability is possible due to an incomplete fix for CVE-2012-0818...
RESTEasy: XXE via parameter entities
It was found that the fix for CVE-2012-0818 was incomplete: external parameter entities were not disabled when the resteasy.document.expand.entity.references parameter was set to false. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessible...
RESTEasy: XXE via parameter entities
It was found that the fix for CVE-2012-0818 was incomplete: external parameter entities were not disabled when the resteasy.document.expand.entity.references parameter was set to false. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessible...
Important: Red Hat Security Advisory: Red Hat JBoss Operations Network 3.3.0 update
Red Hat JBoss Operations Network 3.2.3, which fixes multiple security issues and several bugs, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give...
RHEL 6 : rhevm (RHSA-2012:0421)
Updated rhevm packages that fix one security issue and various bugs are now available. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the...
RHEL 6 : Storage Server (RHSA-2013:1263)
Updated Red Hat Storage Console packages that fix one security issue, various bugs, and add enhancements are now available for Red Hat Storage Server 2.1. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base...
RESTEasy: XXE via parameter entities
It was found that the fix for CVE-2012-0818 was incomplete: external parameter entities were not disabled when the resteasy.document.expand.entity.references parameter was set to false. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessible...
XXE
RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform (EAP) 6.3.0, does not disable external entities when the resteasy.document.expand.entity.references parameter is set to false, which allows remote attackers to read arbitrary files and hav...
RHEL 5 / 6 / 7 : JBoss EAP (RHSA-2014:1040)
Updated Red Hat JBoss Enterprise Application Platform 6.3.0 packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score,...
Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.3.0 security update
An update for Red Hat JBoss Enterprise Application Platform 6.3.0 that fixes one security issue is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives ...
CentOS 7 : resteasy-base (CESA-2014:1011)
Updated resteasy-base packages that fix one security issue are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, ...
resteasy security update
CentOS Errata and Security Advisory CESA-2014:1011. Updated resteasy-base packages that fix one security issue are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS)...
RedHat Update for resteasy-base RHSA-2014:1011-01
The remote host is missing an update for the...
RHEL 7 : resteasy-base (RHSA-2014:1011)
Updated resteasy-base packages that fix one security issue are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, ...
Important: Red Hat Security Advisory: Red Hat JBoss BRMS 6.0.1 update
Red Hat JBoss BRMS 6.0.1, which fixes multiple security issues, various bugs, and adds enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base score...
Important: Red Hat Security Advisory: Red Hat JBoss BPM Suite 6.0.1 update
Red Hat JBoss BPM Suite 6.0.1, which fixes multiple security issues, various bugs, and adds enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base...
RHEL 5 / 6 : resteasy (RHSA-2012:1059)
The remote Red Hat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:1059 advisory. - RESTEasy: XML eXternal Entity (XXE) flaw (CVE-2011-5245, CVE-2012-0818) Note that Nessus has not tested for these issues but has instead...
XXE
The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding (JAXB) input, aka an XML external entity (XXE) injection attack, a similar vulnerability to...
CVE-2012-0818
RESTEasy vulnerable to XML External Entity (XXE) injection in DOM/XML processing prior to version 2.3.1, allowing remote attackers to read arbitrary files via an external entity reference. Root cause is improper handling of external entities in RESTEasy’s XML/DOM/JAXB processing (notably the JAXB...