Lucene search
Veracode Vulnerability DatabaseVERACODE:5748HistoryJan 26, 2018 - 12:15 a.m.
Remote Code Execution (RCE)
2018-01-2600:15:27
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
EPSS
0.023
Percentile
89.8%
resteasy-yaml-provider is vulnerable to remote code execution (RCE) attacks. These attacks are possible because of an incomplete fix for CVE-2016-9606 which still uses Yaml.load() in the YamlProvider. This issue only affects applications which have the YamlProvider explicitly enabled by adding or appending a file with the name META-INF/services/javax.ws.rs.ext.Providers to your WAR, or JAR with the contents org.jboss.resteasy.plugins.providers.YamlProvider.
Related
debiancve
debiancve
CVE-2018-1051
2018-01-25 20:29:00
CVE-2016-9606
2018-03-09 20:29:00
osv
osv
CVE-2018-1051
2018-01-25 20:29:00
CVE-2016-9606
2018-03-09 20:29:00
ubuntucve
ubuntucve
CVE-2018-1051
2018-01-25 00:00:00
CVE-2016-9606
2018-03-09 00:00:00
redhatcve
redhatcve
CVE-2018-1051
2018-01-25 16:50:00
CVE-2016-9606
2019-10-31 10:31:37
github
github
JBoss RESTEasy vulnerable to Improper Input Validation
2022-05-14 02:37:13
cvelist
cvelist
CVE-2018-1051
2018-01-25 20:00:00
CVE-2016-9606
2016-12-15 00:00:00
nvd
nvd
cve
cve
prion
prion
Design/Logic Flaw
2018-01-25 20:29:00
Design/Logic Flaw
2018-03-09 20:29:00
Design/Logic Flaw
2017-03-07 15:59:00
redhat
redhat
veracode
veracode
Remote Code Execution (RCE)
2019-01-15 09:16:49
Remote Code Execution (RCE)
2016-12-16 08:05:27
nessus
nessus
RHEL 6 : JBoss EAP (RHSA-2017:1254)
2017-05-22 00:00:00
RHEL 7 : JBoss EAP (RHSA-2017:1253)
2018-09-04 00:00:00
RHEL 5 : JBoss EAP (RHSA-2017:1256)
2017-05-22 00:00:00
impervablog
impervablog
Deserialization Attacks Surge Motivated by Illegal Crypto-mining
2018-01-24 17:45:08