
CVE-2016-9606

Description

JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions.

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851430

Notes

sbeattie (https://launchpad.net/~sbeattie): in some places, incorrectly referred to as CVE-2016-9571 due to a double assignment
msalvatore (https://launchpad.net/~msalvatore): Can be mitigated by adding authentication and authorization to any endpoint expecting Yaml content or disabling YamlProvider.


Affected Package


OS OS Version Package Name Package Version
ubuntu upstream resteasy 3.1.2, 3.0.22
ubuntu 16.04 resteasy any
