PT-2016-3452 · Red Hat · Resteasy

Moritz Bechler

Publicado

2016-12-01

Atualizado

2022-05-14

CVE-2016-9606

CVSS v3.1

8.1

Alta

Vetor

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions RESTEasy versions prior to 3.1.2

Description The issue is related to insufficient input validation in the YamlProvider component, which could allow an attacker to execute arbitrary code with RESTEasy application permissions by forcing the application into parsing a request with YamlProvider, resulting in the unmarshalling of potentially untrusted data.

Recommendations For versions prior to 3.1.2, update to version 3.1.2 or later to resolve the issue. As a temporary workaround, consider disabling the YamlProvider component until a patch is available. Restrict access to the YamlProvider component to minimize the risk of exploitation.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

BDU:2024-01097

CVE-2016-9606

GHSA-HGJR-XWJ3-JFVW

OESA-2021-1073

RHSA-2017:1253

RHSA-2017:1254

RHSA-2017:1256

RHSA-2017:1260

RHSA-2017:1410

RHSA-2017:1411

RHSA-2017:1412

Produtos afetados

Resteasy

PT-2016-3452 · Red Hat · Resteasy

CVE-2016-9606

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 30