Resteasy CVE-2016-9571 Remote Code Execution Vulnerability



Resteasy is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause denial-of-service conditions.

Resteasy versions 3.0-beta-1 through 3.1.0.CR3 are vulnerable.

Information

Bugtraq ID: 94940
Class: Input Validation Error
CVE: CVE-2016-9571

Remote: Yes
Local: No
Published: Dec 16 2016 12:00AM
Updated: Apr 19 2017 05:05PM
Credit: Moritz Bechler (AgNO3 GmbH & Co. KG)
Vulnerable: Redhat Resteasy 3.1
Redhat Resteasy 3.1.0.CR3
Redhat Resteasy 3.0.9
Redhat Resteasy 3.0.8
Redhat Resteasy 3.0.7
Redhat Resteasy 3.0.6
Redhat Resteasy 3.0.5
Redhat Resteasy 3.0.4
Redhat Resteasy 3.0.2
Redhat Resteasy 3.0.1
Redhat Resteasy 3.0.0
Redhat Resteasy 3.0-beta-1
Redhat Resteasy 3.0 Rc1
Redhat Resteasy 3.0 Beta6
Redhat Resteasy 3.0 Beta5
Redhat Resteasy 3.0 Beta4
Redhat Resteasy 3.0 Beta3
Redhat Resteasy 3.0 Beta2
Redhat Resteasy 3.0 BETA1
Redhat Jboss EAP 7.1
Redhat Jboss EAP 6
Redhat JBoss BRMS 6.0
Redhat JBoss BPMS 6.0


Not Vulnerable:

