Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2011-5245
Last Modified: 19 Apr 2014 12:18:14
Published: 23 Nov 2012 03:55:02
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2011-5245

Summary

The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding (JAXB) input, aka an XML external entity (XXE) injection attack, a similar vulnerability to CVE-2012-0818.

Vulnerable Systems

Application

  • Redhat Resteasy 1.0.0

  • Redhat Resteasy 1.0.1

  • Redhat Resteasy 1.0.2

  • Redhat Resteasy 1.1

  • Redhat Resteasy 1.2

  • Redhat Resteasy 2.0.0

  • Redhat Resteasy 2.0.1

  • Redhat Resteasy 2.1.0

  • Redhat Resteasy 2.2.0

  • Redhat Resteasy 2.2.1

  • Redhat Resteasy 2.2.2

  • Redhat Resteasy 2.2.3

  • Redhat Resteasy 2.3.0

  • Redhat Resteasy 2.3.1


References

CONFIRM - https://issues.jboss.org/browse/RESTEASY/fixforversion/12318708

CONFIRM - https://issues.jboss.org/browse/RESTEASY-647

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=802622

XF - resteasy-xml-info-disclosure(72808)

BID - 51766

OSVDB - 78680

SECUNIA - 50084

SECUNIA - 47832

REDHAT - RHSA-2012:1125

REDHAT - RHSA-2012:1059

REDHAT - RHSA-2012:1058

REDHAT - RHSA-2012:1057

REDHAT - RHSA-2012:1056

REDHAT - RHSA-2012:0519

REDHAT - RHSA-2012:0441

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=785631

SECUNIA - 57719

SECUNIA - 57716

REDHAT - RHSA-2014:0372

REDHAT - RHSA-2014:0371


Last Updated: 27 May 2016 10:58:30