8 matches found

Tenable Nessus
added 2025/08/30 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2018-1051

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via Yaml.load in...

8.1 CVSS, 7.5 AI score, 0.06179 EPSS
Exploits 0, References 2

BDU FSTEC
added 2024/02/09 12:0 a.m., 1 views

The vulnerability of the YamlProvider component in the RESTEasy software framework allows a perpetrator to execute arbitrary code.

The vulnerability of the YamlProvider component in the RESTEasy software framework is related to insufficient validation of input data. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary code...

8.1 CVSS, 7.8 AI score, 0.06179 EPSS
Exploits 0, References 3, Affected Software 5

RedHat Linux
added 2021/12/15 2:42 p.m., 0 views

resteasy: Error message exposes endpoint class information

A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The...

5.3 CVSS, 7 AI score, 0.01439 EPSS
Exploits 0, References 4

Snyk
added 2021/05/28 12:51 p.m., 3 views

Cross-site Scripting (XSS)

Overview: org.jboss.resteasy:resteasy-jaxrs is a JCP specification that provides a Java API for RESTful Web Services over the HTTP protocol. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). It did not properly handle URL encoding when the RESTEASY003870 exception occur...

7.1 CVSS, 5.4 AI score, 0.01394 EPSS
Exploits 1, References 2

RedHat Linux
added 2021/05/18 2:6 p.m., 5 views

resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class

A flaw was found in Resteasy, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed...

7.5 CVSS, 5.7 AI score, 0.02023 EPSS
Exploits 0, References 4

RedHat Linux
added 2018/07/05 3:28 p.m., 0 views

RESTEasy: Abuse of GZIPInterceptor in RESTEasy can lead to denial of service attack

It was found that GZIPInterceptor is enabled when not necessarily required in RESTEasy. An attacker could use this flaw to launch a Denial of Service attack...

7.5 CVSS, 5.8 AI score, 0.04913 EPSS
Exploits 0, References 4

RedHat Linux
added 2017/03/14 5:32 p.m., 4 views

RESTEasy: Abuse of GZIPInterceptor in RESTEasy can lead to denial of service attack

It was found that GZIPInterceptor is enabled when not necessarily required in RESTEasy. An attacker could use this flaw to launch a Denial of Service attack...

7.5 CVSS, 5.8 AI score, 0.04913 EPSS
Exploits 0, References 4

RedHat Linux
added 2014/06/26 3:11 p.m., 4 views

JAX-RS: Information disclosure via XML eXternal Entity (XXE)

It was found that the default context parameters as provided to RESTEasy deployments by JBoss EAP did not explicitly disable external entity expansion for RESTEasy. A remote attacker could use this flaw to perform XML External Entity (XXE) attacks on RESTEasy applications accepting XML input...

5 CVSS, 5.8 AI score, 0.03031 EPSS
Exploits 0, References 4