CVE-2016-9606

EUVD-2022-4144
JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
Affected Products (NVD)
VendorProductVersion
redhatresteasy
𝑥
≤ 3.1.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
resteasy
jessie
no-dsa
sid
3.6.2-2
fixed
resteasy3.0
bookworm
3.0.26-6
fixed
bullseye
3.0.26-2
fixed
jessie
no-dsa
sid
3.0.26-6
fixed
trixie
3.0.26-6
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
resteasy
artful
ignored
bionic
dne
cosmic
dne
disco
not-affected
eoan
not-affected
focal
not-affected
groovy
not-affected
hirsute
not-affected
impish
not-affected
jammy
not-affected
kinetic
not-affected
lunar
not-affected
mantic
not-affected
noble
not-affected
precise
dne
trusty
dne
xenial
needed
yakkety
ignored
zesty
ignored
Common Weakness Enumeration
References
http://rhn.redhat.com/errata/RHSA-2017-1255.html
http://rhn.redhat.com/errata/RHSA-2017-1409.html
http://www.securityfocus.com/bid/94940
http://www.securitytracker.com/id/1038524
https://access.redhat.com/errata/RHSA-2017:1253
https://access.redhat.com/errata/RHSA-2017:1254
https://access.redhat.com/errata/RHSA-2017:1256
https://access.redhat.com/errata/RHSA-2017:1260
https://access.redhat.com/errata/RHSA-2017:1410
https://access.redhat.com/errata/RHSA-2017:1411
https://access.redhat.com/errata/RHSA-2017:1412
https://access.redhat.com/errata/RHSA-2017:1675
https://access.redhat.com/errata/RHSA-2017:1676
https://access.redhat.com/errata/RHSA-2018:2909
https://access.redhat.com/errata/RHSA-2018:2913
https://bugzilla.redhat.com/show_bug.cgi?id=1400644
http://rhn.redhat.com/errata/RHSA-2017-1255.html
http://rhn.redhat.com/errata/RHSA-2017-1409.html
http://www.securityfocus.com/bid/94940
http://www.securitytracker.com/id/1038524
https://access.redhat.com/errata/RHSA-2017:1253
https://access.redhat.com/errata/RHSA-2017:1254
https://access.redhat.com/errata/RHSA-2017:1256
https://access.redhat.com/errata/RHSA-2017:1260
https://access.redhat.com/errata/RHSA-2017:1410
https://access.redhat.com/errata/RHSA-2017:1411
https://access.redhat.com/errata/RHSA-2017:1412
https://access.redhat.com/errata/RHSA-2017:1675
https://access.redhat.com/errata/RHSA-2017:1676
https://access.redhat.com/errata/RHSA-2018:2909
https://access.redhat.com/errata/RHSA-2018:2913
https://bugzilla.redhat.com/show_bug.cgi?id=1400644