Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.0
CVE Id CVE-2012-0818
Last Modified 19 Apr 2014 12:19:49
Published 23 Nov 2012 03:55:02
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-0818

Summary

RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity (XXE) injection attack.

Vulnerable Systems

Application

  • Redhat Resteasy 1.0.0

  • Redhat Resteasy 1.0.1

  • Redhat Resteasy 1.0.2

  • Redhat Resteasy 1.1

  • Redhat Resteasy 1.2

  • Redhat Resteasy 2.0.0

  • Redhat Resteasy 2.0.1

  • Redhat Resteasy 2.1.0

  • Redhat Resteasy 2.2.0

  • Redhat Resteasy 2.2.1

  • Redhat Resteasy 2.2.2

  • Redhat Resteasy 2.2.3

  • Redhat Resteasy 2.3.0


References

CONFIRM - https://issues.jboss.org/browse/RESTEASY/fixforversion/12318708

CONFIRM - https://issues.jboss.org/browse/RESTEASY-647

CONFIRM - https://issues.jboss.org/browse/RESTEASY-637

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=802622

XF - resteasy-xml-info-disclosure(72808)

BID - 51766

BID - 51748

OSVDB - 78680

OSVDB - 78679

SECUNIA - 50084

SECUNIA - 47832

SECUNIA - 47818

REDHAT - RHSA-2012:1125

REDHAT - RHSA-2012:1059

REDHAT - RHSA-2012:1058

REDHAT - RHSA-2012:1057

REDHAT - RHSA-2012:1056

REDHAT - RHSA-2012:0519

REDHAT - RHSA-2012:0441

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=785631

SECUNIA - 48697

SECUNIA - 48954

SECUNIA - 57719

SECUNIA - 57716

REDHAT - RHSA-2014:0372

REDHAT - RHSA-2014:0371


Last Updated: 27 May 2016 10:58:30