RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity (XXE) injection attack.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N
Vendors Products
Redhat
  • Resteasy

Configuration 1 [-]

OR cpe:2.3:a:redhat:resteasy:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:resteasy:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:resteasy:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:resteasy:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:resteasy:1.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:resteasy:1.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:resteasy:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:resteasy:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:resteasy:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:resteasy:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:resteasy:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:resteasy:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:resteasy:2.2.3:*:*:*:*:*:*:*
References
Link Resource
http://rhn.redhat.com/errata/RHSA-2012-0441.html Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2012-0519.html Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2012-1056.html Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2012-1057.html Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2012-1058.html Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2012-1059.html Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2012-1125.html Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2014-0371.html
http://rhn.redhat.com/errata/RHSA-2014-0372.html
http://secunia.com/advisories/47818 Vendor Advisory
http://secunia.com/advisories/47832 Vendor Advisory
http://secunia.com/advisories/48697
http://secunia.com/advisories/48954
http://secunia.com/advisories/50084 Vendor Advisory
http://secunia.com/advisories/57716
http://secunia.com/advisories/57719
http://www.osvdb.org/78679
http://www.securityfocus.com/bid/51748
http://www.securityfocus.com/bid/51766
https://bugzilla.redhat.com/show_bug.cgi?id=785631
https://exchange.xforce.ibmcloud.com/vulnerabilities/72808
https://issues.jboss.org/browse/RESTEASY-637 Patch
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2012-11-23T20:00:00

Updated: 2017-08-28T12:57:01

Reserved: 2012-01-19T00:00:00

Link: CVE-2012-0818

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2012-11-23T20:55:02.320

Modified: 2023-02-13T03:26:21.480

Link: CVE-2012-0818

JSON object: View

cve-icon Redhat Information

No data.

CWE