715 matches found
DEBIAN-CVE-2016-6345
RESTEasy allows remote authenticated users to obtain sensitive information by leveraging "insufficient use of random values" in async jobs...
Design/Logic Flaw
RESTEasy allows remote authenticated users to obtain sensitive information by leveraging "insufficient use of random values" in async jobs...
Design/Logic Flaw
RESTEasy enables GZIPInterceptor, which allows remote attackers to cause a denial of service via unspecified vectors...
CVE-2016-6345
RESTEasy allows remote authenticated users to obtain sensitive information by leveraging "insufficient use of random values" in async jobs...
CVE-2016-6346
RESTEasy enables GZIPInterceptor, which allows remote attackers to cause a denial of service via unspecified vectors...
UBUNTU-CVE-2016-6345
RESTEasy allows remote authenticated users to obtain sensitive information by leveraging "insufficient use of random values" in async jobs...
UBUNTU-CVE-2016-6346
RESTEasy enables GZIPInterceptor, which allows remote attackers to cause a denial of service via unspecified vectors...
CVE-2016-6345
RESTEasy vulnerability CVE-2016-6345 is confirmed in connected documents as a flaw where remote authenticated users could obtain sensitive information due to insufficient use of random values in asynchronous jobs. The Ubuntu advisory USN-7630-1 and related Nessus/OpenVAS entries reference this CV...
CVE-2016-6345
RESTEasy allows remote authenticated users to obtain sensitive information by leveraging "insufficient use of random values" in async jobs...
CVE-2016-6345
RESTEasy allows remote authenticated users to obtain sensitive information by leveraging "insufficient use of random values" in async jobs...
CVE-2016-6346
RESTEasy enables GZIPInterceptor, which allows remote attackers to cause a denial of service via unspecified vectors...
CVE-2016-6346
RESTEasy enables GZIPInterceptor, which allows remote attackers to cause a denial of service via unspecified vectors...
CVE-2016-6346
CVE-2016-6346 affects RESTEasy: enabling a vulnerable GZIP decompression path can cause a denial of service via unspecified vectors. The Ubuntu advisory USN-7630-1 documents RESTEasy vulnerabilities including CVE-2016-6346 and notes affected Ubuntu releases; Nessus/OSS advisories reference unpatc...
RESTEasy Cross-Site Scripting Vulnerability
RESTEasy is an open source architecture for building web framework applications. RESTEasy suffers from a cross-site scripting vulnerability due to a failure to properly filter user-supplied input. An attacker could be allowed to exploit the vulnerability to steal cookie-based authentication...
Red Hat RESTEasy Information Disclosure Vulnerability
RESTEasy is one of the JBoss open source project , is a RESTful Web Services framework. Red Hat RESTEasy information disclosure vulnerability exists. Attackers can use this vulnerability to obtain sensitive information...
Red Hat RESTEasy Denial of Service Vulnerability
RESTEasy is one of the JBoss open source project , is a RESTful Web Services framework. A denial of service vulnerability exists in Red Hat RESTEasy. An attacker could exploit this vulnerability to cause a denial of service...
CVE-2016-6348
It was found that in some configurations the JacksonJsonpInterceptor is activated by default in RESTEasy. An attacker could use this flaw to launch a Cross Site Scripting Inclusion attack...
CVE-2016-6347
It was found that the default exception handler in RESTEasy did not properly validate user input. An attacker could use this flaw to launch a relected XSS attack...
CVE-2016-6345
It was found that there was insufficient use of randam values in RESTEasy async jobs. An attacker could use this flaw to steal user data. Mitigation Dont enable Async Jobs Service as details in the section, "2.10. RESTEASY ASYNCHRONOUS JOB SERVICE" of JBoss EAP 7 Developing Web Services...
Oracle: Security Advisory (ELSA-2014-1011)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...