CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
RESTEasy is vulnerable to arbitrary file access. Setting the resteasy.document.expand.entity.references parameter to false is intended to disable external entities. This vulnerability is possible because the fix for CVE-2012-0818 was incomplete.
rhn.redhat.com/errata/RHSA-2014-1011.html
rhn.redhat.com/errata/RHSA-2014-1039.html
rhn.redhat.com/errata/RHSA-2014-1040.html
rhn.redhat.com/errata/RHSA-2014-1298.html
rhn.redhat.com/errata/RHSA-2015-0125.html
rhn.redhat.com/errata/RHSA-2015-0675.html
rhn.redhat.com/errata/RHSA-2015-0720.html
rhn.redhat.com/errata/RHSA-2015-0765.html
secunia.com/advisories/60019
www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
www.securityfocus.com/bid/69058
access.redhat.com/security/updates/classification/#moderate
github.com/resteasy/Resteasy/pull/521
github.com/resteasy/Resteasy/pull/533
github.com/ronsigal/Resteasy/commit/9b7d0f574cafdcf3bea5428f3145ab4908fc6d83