csaf_redhat - rhsa-2012

rhsa-2012_1059

Vulnerability from csaf_redhat

Published

2012-07-05 19:24

Modified

2024-11-14 11:31

Summary

Red Hat Security Advisory: resteasy security update

Notes

Topic

Updated resteasy packages that fix one security issue are now available for JBoss Enterprise Application Platform 5.1.2 for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

Details

RESTEasy provides various frameworks to help you build RESTful web services and RESTful Java applications. It was found that RESTEasy was vulnerable to XML External Entity (XXE) attacks. If a remote attacker submitted a request containing an external XML entity to a RESTEasy endpoint, the entity would be resolved, allowing the attacker to read files accessible to the user running the application server. This flaw affected DOM (Document Object Model) Document and JAXB (Java Architecture for XML Binding) input. (CVE-2012-0818) Note: The fix for CVE-2012-0818 is not enabled by default. This update adds a new configuration option to disable entity expansion in RESTEasy. If applications on your server expose RESTEasy XML endpoints, a resteasy.document.expand.entity.references configuration snippet must be added to their web.xml file to disable entity expansion in RESTEasy. Refer to Red Hat Bugzilla bug 785631 for details. Warning: Before applying this update, back up your JBoss Enterprise Application Platform's "jboss-as/server/[PROFILE]/deploy/" directory, along with all other customized configuration files. Users of JBoss Enterprise Application Platform 5.1.2 on Red Hat Enterprise Linux 4, 5, and 6 should upgrade to these updated packages, which correct this issue. The JBoss server process must be restarted for this update to take effect.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated resteasy packages that fix one security issue are now available for\nJBoss Enterprise Application Platform 5.1.2 for Red Hat Enterprise Linux 4,\n5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "RESTEasy provides various frameworks to help you build RESTful web services\nand RESTful Java applications.\n\nIt was found that RESTEasy was vulnerable to XML External Entity (XXE)\nattacks. If a remote attacker submitted a request containing an external\nXML entity to a RESTEasy endpoint, the entity would be resolved, allowing\nthe attacker to read files accessible to the user running the application\nserver. This flaw affected DOM (Document Object Model) Document and JAXB\n(Java Architecture for XML Binding) input. (CVE-2012-0818)\n\nNote: The fix for CVE-2012-0818 is not enabled by default. This update adds\na new configuration option to disable entity expansion in RESTEasy. If\napplications on your server expose RESTEasy XML endpoints, a\nresteasy.document.expand.entity.references configuration snippet must be\nadded to their web.xml file to disable entity expansion in RESTEasy. Refer\nto Red Hat Bugzilla bug 785631 for details.\n\nWarning: Before applying this update, back up your JBoss Enterprise\nApplication Platform\u0027s \"jboss-as/server/[PROFILE]/deploy/\" directory, along\nwith all other customized configuration files.\n\nUsers of JBoss Enterprise Application Platform 5.1.2 on Red Hat Enterprise\nLinux 4, 5, and 6 should upgrade to these updated packages, which correct\nthis issue. The JBoss server process must be restarted for this update to\ntake effect.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2012:1059",
        "url": "https://access.redhat.com/errata/RHSA-2012:1059"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "785631",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=785631"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_1059.json"
      }
    ],
    "title": "Red Hat Security Advisory: resteasy security update",
    "tracking": {
      "current_release_date": "2024-11-14T11:31:30+00:00",
      "generator": {
        "date": "2024-11-14T11:31:30+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.0"
        }
      },
      "id": "RHSA-2012:1059",
      "initial_release_date": "2012-07-05T19:24:00+00:00",
      "revision_history": [
        {
          "date": "2012-07-05T19:24:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2012-07-05T19:27:01+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-14T11:31:30+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS",
                "product": {
                  "name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS",
                  "product_id": "4AS-JBEAP-5",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5::el4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 ES",
                "product": {
                  "name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 ES",
                  "product_id": "4ES-JBEAP-5",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5::el4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server",
                "product": {
                  "name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server",
                  "product_id": "5Server-JBEAP-5",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5::el5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server",
                "product": {
                  "name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server",
                  "product_id": "6Server-JBEAP-5",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5::el6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Enterprise Application Platform"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "resteasy-manual-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
                "product": {
                  "name": "resteasy-manual-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
                  "product_id": "resteasy-manual-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/resteasy-manual@1.2.1-10.CP02_patch01.1.ep5.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
                "product": {
                  "name": "resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
                  "product_id": "resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/resteasy@1.2.1-10.CP02_patch01.1.ep5.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "resteasy-examples-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
                "product": {
                  "name": "resteasy-examples-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
                  "product_id": "resteasy-examples-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/resteasy-examples@1.2.1-10.CP02_patch01.1.ep5.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "resteasy-javadoc-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
                "product": {
                  "name": "resteasy-javadoc-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
                  "product_id": "resteasy-javadoc-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/resteasy-javadoc@1.2.1-10.CP02_patch01.1.ep5.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "resteasy-manual-0:1.2.1-10.CP02_patch01.1.ep5.el5.noarch",
                "product": {
                  "name": "resteasy-manual-0:1.2.1-10.CP02_patch01.1.ep5.el5.noarch",
                  "product_id": "resteasy-manual-0:1.2.1-10.CP02_patch01.1.ep5.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/resteasy-manual@1.2.1-10.CP02_patch01.1.ep5.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el5.noarch",
                "product": {
                  "name": "resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el5.noarch",
                  "product_id": "resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/resteasy@1.2.1-10.CP02_patch01.1.ep5.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "resteasy-examples-0:1.2.1-10.CP02_patch01.1.ep5.el5.noarch",
                "product": {
                  "name": "resteasy-examples-0:1.2.1-10.CP02_patch01.1.ep5.el5.noarch",
                  "product_id": "resteasy-examples-0:1.2.1-10.CP02_patch01.1.ep5.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/resteasy-examples@1.2.1-10.CP02_patch01.1.ep5.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "resteasy-javadoc-0:1.2.1-10.CP02_patch01.1.ep5.el5.noarch",
                "product": {
                  "name": "resteasy-javadoc-0:1.2.1-10.CP02_patch01.1.ep5.el5.noarch",
                  "product_id": "resteasy-javadoc-0:1.2.1-10.CP02_patch01.1.ep5.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/resteasy-javadoc@1.2.1-10.CP02_patch01.1.ep5.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el6.noarch",
                "product": {
                  "name": "resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el6.noarch",
                  "product_id": "resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/resteasy@1.2.1-10.CP02_patch01.1.ep5.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "resteasy-manual-0:1.2.1-10.CP02_patch01.1.ep5.el6.noarch",
                "product": {
                  "name": "resteasy-manual-0:1.2.1-10.CP02_patch01.1.ep5.el6.noarch",
                  "product_id": "resteasy-manual-0:1.2.1-10.CP02_patch01.1.ep5.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/resteasy-manual@1.2.1-10.CP02_patch01.1.ep5.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "resteasy-examples-0:1.2.1-10.CP02_patch01.1.ep5.el6.noarch",
                "product": {
                  "name": "resteasy-examples-0:1.2.1-10.CP02_patch01.1.ep5.el6.noarch",
                  "product_id": "resteasy-examples-0:1.2.1-10.CP02_patch01.1.ep5.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/resteasy-examples@1.2.1-10.CP02_patch01.1.ep5.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "resteasy-javadoc-0:1.2.1-10.CP02_patch01.1.ep5.el6.noarch",
                "product": {
                  "name": "resteasy-javadoc-0:1.2.1-10.CP02_patch01.1.ep5.el6.noarch",
                  "product_id": "resteasy-javadoc-0:1.2.1-10.CP02_patch01.1.ep5.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/resteasy-javadoc@1.2.1-10.CP02_patch01.1.ep5.el6?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el4.src",
                "product": {
                  "name": "resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el4.src",
                  "product_id": "resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/resteasy@1.2.1-10.CP02_patch01.1.ep5.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el5.src",
                "product": {
                  "name": "resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el5.src",
                  "product_id": "resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/resteasy@1.2.1-10.CP02_patch01.1.ep5.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el6.src",
                "product": {
                  "name": "resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el6.src",
                  "product_id": "resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/resteasy@1.2.1-10.CP02_patch01.1.ep5.el6?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-5:resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch"
        },
        "product_reference": "resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP-5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el4.src as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-5:resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el4.src"
        },
        "product_reference": "resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el4.src",
        "relates_to_product_reference": "4AS-JBEAP-5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "resteasy-examples-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-5:resteasy-examples-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch"
        },
        "product_reference": "resteasy-examples-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP-5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "resteasy-javadoc-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-5:resteasy-javadoc-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch"
        },
        "product_reference": "resteasy-javadoc-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP-5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "resteasy-manual-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-5:resteasy-manual-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch"
        },
        "product_reference": "resteasy-manual-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP-5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-5:resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch"
        },
        "product_reference": "resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP-5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el4.src as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-5:resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el4.src"
        },
        "product_reference": "resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el4.src",
        "relates_to_product_reference": "4ES-JBEAP-5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "resteasy-examples-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-5:resteasy-examples-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch"
        },
        "product_reference": "resteasy-examples-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP-5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "resteasy-javadoc-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-5:resteasy-javadoc-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch"
        },
        "product_reference": "resteasy-javadoc-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP-5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "resteasy-manual-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-5:resteasy-manual-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch"
        },
        "product_reference": "resteasy-manual-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP-5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-5:resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el5.noarch"
        },
        "product_reference": "resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el5.src as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-5:resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el5.src"
        },
        "product_reference": "resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "resteasy-examples-0:1.2.1-10.CP02_patch01.1.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-5:resteasy-examples-0:1.2.1-10.CP02_patch01.1.ep5.el5.noarch"
        },
        "product_reference": "resteasy-examples-0:1.2.1-10.CP02_patch01.1.ep5.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "resteasy-javadoc-0:1.2.1-10.CP02_patch01.1.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-5:resteasy-javadoc-0:1.2.1-10.CP02_patch01.1.ep5.el5.noarch"
        },
        "product_reference": "resteasy-javadoc-0:1.2.1-10.CP02_patch01.1.ep5.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "resteasy-manual-0:1.2.1-10.CP02_patch01.1.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-5:resteasy-manual-0:1.2.1-10.CP02_patch01.1.ep5.el5.noarch"
        },
        "product_reference": "resteasy-manual-0:1.2.1-10.CP02_patch01.1.ep5.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-5:resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el6.noarch"
        },
        "product_reference": "resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el6.src as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-5:resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el6.src"
        },
        "product_reference": "resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "resteasy-examples-0:1.2.1-10.CP02_patch01.1.ep5.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-5:resteasy-examples-0:1.2.1-10.CP02_patch01.1.ep5.el6.noarch"
        },
        "product_reference": "resteasy-examples-0:1.2.1-10.CP02_patch01.1.ep5.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "resteasy-javadoc-0:1.2.1-10.CP02_patch01.1.ep5.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-5:resteasy-javadoc-0:1.2.1-10.CP02_patch01.1.ep5.el6.noarch"
        },
        "product_reference": "resteasy-javadoc-0:1.2.1-10.CP02_patch01.1.ep5.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "resteasy-manual-0:1.2.1-10.CP02_patch01.1.ep5.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-5:resteasy-manual-0:1.2.1-10.CP02_patch01.1.ep5.el6.noarch"
        },
        "product_reference": "resteasy-manual-0:1.2.1-10.CP02_patch01.1.ep5.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2011-5245",
      "cwe": {
        "id": "CWE-611",
        "name": "Improper Restriction of XML External Entity Reference"
      },
      "discovery_date": "2012-01-24T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "785631"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding (JAXB) input, aka an XML external entity (XXE) injection attack, a similar vulnerability to CVE-2012-0818.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "RESTEasy: XML eXternal Entity (XXE) flaw",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-JBEAP-5:resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
          "4AS-JBEAP-5:resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el4.src",
          "4AS-JBEAP-5:resteasy-examples-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
          "4AS-JBEAP-5:resteasy-javadoc-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
          "4AS-JBEAP-5:resteasy-manual-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
          "4ES-JBEAP-5:resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
          "4ES-JBEAP-5:resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el4.src",
          "4ES-JBEAP-5:resteasy-examples-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
          "4ES-JBEAP-5:resteasy-javadoc-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
          "4ES-JBEAP-5:resteasy-manual-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
          "5Server-JBEAP-5:resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el5.noarch",
          "5Server-JBEAP-5:resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el5.src",
          "5Server-JBEAP-5:resteasy-examples-0:1.2.1-10.CP02_patch01.1.ep5.el5.noarch",
          "5Server-JBEAP-5:resteasy-javadoc-0:1.2.1-10.CP02_patch01.1.ep5.el5.noarch",
          "5Server-JBEAP-5:resteasy-manual-0:1.2.1-10.CP02_patch01.1.ep5.el5.noarch",
          "6Server-JBEAP-5:resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el6.noarch",
          "6Server-JBEAP-5:resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el6.src",
          "6Server-JBEAP-5:resteasy-examples-0:1.2.1-10.CP02_patch01.1.ep5.el6.noarch",
          "6Server-JBEAP-5:resteasy-javadoc-0:1.2.1-10.CP02_patch01.1.ep5.el6.noarch",
          "6Server-JBEAP-5:resteasy-manual-0:1.2.1-10.CP02_patch01.1.ep5.el6.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2011-5245"
        },
        {
          "category": "external",
          "summary": "RHBZ#785631",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=785631"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2011-5245",
          "url": "https://www.cve.org/CVERecord?id=CVE-2011-5245"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-5245",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-5245"
        }
      ],
      "release_date": "2011-12-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2012-07-05T19:24:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
          "product_ids": [
            "4AS-JBEAP-5:resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
            "4AS-JBEAP-5:resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el4.src",
            "4AS-JBEAP-5:resteasy-examples-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
            "4AS-JBEAP-5:resteasy-javadoc-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
            "4AS-JBEAP-5:resteasy-manual-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
            "4ES-JBEAP-5:resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
            "4ES-JBEAP-5:resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el4.src",
            "4ES-JBEAP-5:resteasy-examples-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
            "4ES-JBEAP-5:resteasy-javadoc-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
            "4ES-JBEAP-5:resteasy-manual-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
            "5Server-JBEAP-5:resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el5.noarch",
            "5Server-JBEAP-5:resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el5.src",
            "5Server-JBEAP-5:resteasy-examples-0:1.2.1-10.CP02_patch01.1.ep5.el5.noarch",
            "5Server-JBEAP-5:resteasy-javadoc-0:1.2.1-10.CP02_patch01.1.ep5.el5.noarch",
            "5Server-JBEAP-5:resteasy-manual-0:1.2.1-10.CP02_patch01.1.ep5.el5.noarch",
            "6Server-JBEAP-5:resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el6.noarch",
            "6Server-JBEAP-5:resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el6.src",
            "6Server-JBEAP-5:resteasy-examples-0:1.2.1-10.CP02_patch01.1.ep5.el6.noarch",
            "6Server-JBEAP-5:resteasy-javadoc-0:1.2.1-10.CP02_patch01.1.ep5.el6.noarch",
            "6Server-JBEAP-5:resteasy-manual-0:1.2.1-10.CP02_patch01.1.ep5.el6.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2012:1059"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "4AS-JBEAP-5:resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
            "4AS-JBEAP-5:resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el4.src",
            "4AS-JBEAP-5:resteasy-examples-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
            "4AS-JBEAP-5:resteasy-javadoc-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
            "4AS-JBEAP-5:resteasy-manual-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
            "4ES-JBEAP-5:resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
            "4ES-JBEAP-5:resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el4.src",
            "4ES-JBEAP-5:resteasy-examples-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
            "4ES-JBEAP-5:resteasy-javadoc-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
            "4ES-JBEAP-5:resteasy-manual-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
            "5Server-JBEAP-5:resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el5.noarch",
            "5Server-JBEAP-5:resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el5.src",
            "5Server-JBEAP-5:resteasy-examples-0:1.2.1-10.CP02_patch01.1.ep5.el5.noarch",
            "5Server-JBEAP-5:resteasy-javadoc-0:1.2.1-10.CP02_patch01.1.ep5.el5.noarch",
            "5Server-JBEAP-5:resteasy-manual-0:1.2.1-10.CP02_patch01.1.ep5.el5.noarch",
            "6Server-JBEAP-5:resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el6.noarch",
            "6Server-JBEAP-5:resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el6.src",
            "6Server-JBEAP-5:resteasy-examples-0:1.2.1-10.CP02_patch01.1.ep5.el6.noarch",
            "6Server-JBEAP-5:resteasy-javadoc-0:1.2.1-10.CP02_patch01.1.ep5.el6.noarch",
            "6Server-JBEAP-5:resteasy-manual-0:1.2.1-10.CP02_patch01.1.ep5.el6.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "RESTEasy: XML eXternal Entity (XXE) flaw"
    },
    {
      "cve": "CVE-2012-0818",
      "cwe": {
        "id": "CWE-611",
        "name": "Improper Restriction of XML External Entity Reference"
      },
      "discovery_date": "2012-01-24T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "785631"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity (XXE) injection attack.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "RESTEasy: XML eXternal Entity (XXE) flaw",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-JBEAP-5:resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
          "4AS-JBEAP-5:resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el4.src",
          "4AS-JBEAP-5:resteasy-examples-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
          "4AS-JBEAP-5:resteasy-javadoc-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
          "4AS-JBEAP-5:resteasy-manual-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
          "4ES-JBEAP-5:resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
          "4ES-JBEAP-5:resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el4.src",
          "4ES-JBEAP-5:resteasy-examples-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
          "4ES-JBEAP-5:resteasy-javadoc-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
          "4ES-JBEAP-5:resteasy-manual-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
          "5Server-JBEAP-5:resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el5.noarch",
          "5Server-JBEAP-5:resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el5.src",
          "5Server-JBEAP-5:resteasy-examples-0:1.2.1-10.CP02_patch01.1.ep5.el5.noarch",
          "5Server-JBEAP-5:resteasy-javadoc-0:1.2.1-10.CP02_patch01.1.ep5.el5.noarch",
          "5Server-JBEAP-5:resteasy-manual-0:1.2.1-10.CP02_patch01.1.ep5.el5.noarch",
          "6Server-JBEAP-5:resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el6.noarch",
          "6Server-JBEAP-5:resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el6.src",
          "6Server-JBEAP-5:resteasy-examples-0:1.2.1-10.CP02_patch01.1.ep5.el6.noarch",
          "6Server-JBEAP-5:resteasy-javadoc-0:1.2.1-10.CP02_patch01.1.ep5.el6.noarch",
          "6Server-JBEAP-5:resteasy-manual-0:1.2.1-10.CP02_patch01.1.ep5.el6.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2012-0818"
        },
        {
          "category": "external",
          "summary": "RHBZ#785631",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=785631"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2012-0818",
          "url": "https://www.cve.org/CVERecord?id=CVE-2012-0818"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-0818",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0818"
        }
      ],
      "release_date": "2011-12-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2012-07-05T19:24:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
          "product_ids": [
            "4AS-JBEAP-5:resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
            "4AS-JBEAP-5:resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el4.src",
            "4AS-JBEAP-5:resteasy-examples-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
            "4AS-JBEAP-5:resteasy-javadoc-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
            "4AS-JBEAP-5:resteasy-manual-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
            "4ES-JBEAP-5:resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
            "4ES-JBEAP-5:resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el4.src",
            "4ES-JBEAP-5:resteasy-examples-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
            "4ES-JBEAP-5:resteasy-javadoc-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
            "4ES-JBEAP-5:resteasy-manual-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
            "5Server-JBEAP-5:resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el5.noarch",
            "5Server-JBEAP-5:resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el5.src",
            "5Server-JBEAP-5:resteasy-examples-0:1.2.1-10.CP02_patch01.1.ep5.el5.noarch",
            "5Server-JBEAP-5:resteasy-javadoc-0:1.2.1-10.CP02_patch01.1.ep5.el5.noarch",
            "5Server-JBEAP-5:resteasy-manual-0:1.2.1-10.CP02_patch01.1.ep5.el5.noarch",
            "6Server-JBEAP-5:resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el6.noarch",
            "6Server-JBEAP-5:resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el6.src",
            "6Server-JBEAP-5:resteasy-examples-0:1.2.1-10.CP02_patch01.1.ep5.el6.noarch",
            "6Server-JBEAP-5:resteasy-javadoc-0:1.2.1-10.CP02_patch01.1.ep5.el6.noarch",
            "6Server-JBEAP-5:resteasy-manual-0:1.2.1-10.CP02_patch01.1.ep5.el6.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2012:1059"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "4AS-JBEAP-5:resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
            "4AS-JBEAP-5:resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el4.src",
            "4AS-JBEAP-5:resteasy-examples-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
            "4AS-JBEAP-5:resteasy-javadoc-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
            "4AS-JBEAP-5:resteasy-manual-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
            "4ES-JBEAP-5:resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
            "4ES-JBEAP-5:resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el4.src",
            "4ES-JBEAP-5:resteasy-examples-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
            "4ES-JBEAP-5:resteasy-javadoc-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
            "4ES-JBEAP-5:resteasy-manual-0:1.2.1-10.CP02_patch01.1.ep5.el4.noarch",
            "5Server-JBEAP-5:resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el5.noarch",
            "5Server-JBEAP-5:resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el5.src",
            "5Server-JBEAP-5:resteasy-examples-0:1.2.1-10.CP02_patch01.1.ep5.el5.noarch",
            "5Server-JBEAP-5:resteasy-javadoc-0:1.2.1-10.CP02_patch01.1.ep5.el5.noarch",
            "5Server-JBEAP-5:resteasy-manual-0:1.2.1-10.CP02_patch01.1.ep5.el5.noarch",
            "6Server-JBEAP-5:resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el6.noarch",
            "6Server-JBEAP-5:resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el6.src",
            "6Server-JBEAP-5:resteasy-examples-0:1.2.1-10.CP02_patch01.1.ep5.el6.noarch",
            "6Server-JBEAP-5:resteasy-javadoc-0:1.2.1-10.CP02_patch01.1.ep5.el6.noarch",
            "6Server-JBEAP-5:resteasy-manual-0:1.2.1-10.CP02_patch01.1.ep5.el6.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "RESTEasy: XML eXternal Entity (XXE) flaw"
    }
  ]
}

cve-2012-0818

Vulnerability from cvelistv5

Published

2012-11-23 20:00

Modified

2024-08-06 18:38

Severity ?

Summary

RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity (XXE) injection attack.

References

▼	URL	Tags
	https://bugzilla.redhat.com/show_bug.cgi?id=785631	x_refsource_MISC
	http://rhn.redhat.com/errata/RHSA-2012-1059.html	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/bid/51748	vdb-entry, x_refsource_BID
	https://issues.jboss.org/browse/RESTEASY-637	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2012-1056.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2012-1058.html	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/bid/51766	vdb-entry, x_refsource_BID
	http://www.osvdb.org/78679	vdb-entry, x_refsource_OSVDB
	http://rhn.redhat.com/errata/RHSA-2012-0519.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/50084	third-party-advisory, x_refsource_SECUNIA
	http://rhn.redhat.com/errata/RHSA-2014-0371.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2012-1057.html	vendor-advisory, x_refsource_REDHAT
	https://exchange.xforce.ibmcloud.com/vulnerabilities/72808	vdb-entry, x_refsource_XF
	http://secunia.com/advisories/48954	third-party-advisory, x_refsource_SECUNIA
	http://rhn.redhat.com/errata/RHSA-2012-0441.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/47832	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/57719	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/57716	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/47818	third-party-advisory, x_refsource_SECUNIA
	http://rhn.redhat.com/errata/RHSA-2014-0372.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/48697	third-party-advisory, x_refsource_SECUNIA
	http://rhn.redhat.com/errata/RHSA-2012-1125.html	vendor-advisory, x_refsource_REDHAT

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:38:14.782Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=785631"
          },
          {
            "name": "RHSA-2012:1059",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1059.html"
          },
          {
            "name": "51748",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/51748"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.jboss.org/browse/RESTEASY-637"
          },
          {
            "name": "RHSA-2012:1056",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1056.html"
          },
          {
            "name": "RHSA-2012:1058",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1058.html"
          },
          {
            "name": "51766",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/51766"
          },
          {
            "name": "78679",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/78679"
          },
          {
            "name": "RHSA-2012:0519",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0519.html"
          },
          {
            "name": "50084",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50084"
          },
          {
            "name": "RHSA-2014:0371",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0371.html"
          },
          {
            "name": "RHSA-2012:1057",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1057.html"
          },
          {
            "name": "resteasy-xml-info-disclosure(72808)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72808"
          },
          {
            "name": "48954",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48954"
          },
          {
            "name": "RHSA-2012:0441",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0441.html"
          },
          {
            "name": "47832",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/47832"
          },
          {
            "name": "57719",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/57719"
          },
          {
            "name": "57716",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/57716"
          },
          {
            "name": "47818",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/47818"
          },
          {
            "name": "RHSA-2014:0372",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0372.html"
          },
          {
            "name": "48697",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48697"
          },
          {
            "name": "RHSA-2012:1125",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1125.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-12-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity (XXE) injection attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=785631"
        },
        {
          "name": "RHSA-2012:1059",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1059.html"
        },
        {
          "name": "51748",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/51748"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.jboss.org/browse/RESTEASY-637"
        },
        {
          "name": "RHSA-2012:1056",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1056.html"
        },
        {
          "name": "RHSA-2012:1058",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1058.html"
        },
        {
          "name": "51766",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/51766"
        },
        {
          "name": "78679",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/78679"
        },
        {
          "name": "RHSA-2012:0519",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0519.html"
        },
        {
          "name": "50084",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50084"
        },
        {
          "name": "RHSA-2014:0371",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0371.html"
        },
        {
          "name": "RHSA-2012:1057",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1057.html"
        },
        {
          "name": "resteasy-xml-info-disclosure(72808)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72808"
        },
        {
          "name": "48954",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48954"
        },
        {
          "name": "RHSA-2012:0441",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0441.html"
        },
        {
          "name": "47832",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/47832"
        },
        {
          "name": "57719",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/57719"
        },
        {
          "name": "57716",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/57716"
        },
        {
          "name": "47818",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/47818"
        },
        {
          "name": "RHSA-2014:0372",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0372.html"
        },
        {
          "name": "48697",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48697"
        },
        {
          "name": "RHSA-2012:1125",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1125.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-0818",
    "datePublished": "2012-11-23T20:00:00",
    "dateReserved": "2012-01-19T00:00:00",
    "dateUpdated": "2024-08-06T18:38:14.782Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-5245

Vulnerability from cvelistv5

Published

2012-11-23 20:00

Modified

2024-08-07 00:30

Severity ?

Summary

The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding (JAXB) input, aka an XML external entity (XXE) injection attack, a similar vulnerability to CVE-2012-0818.

References

▼	URL	Tags
	https://bugzilla.redhat.com/show_bug.cgi?id=785631	x_refsource_MISC
	http://www.osvdb.org/78680	vdb-entry, x_refsource_OSVDB
	http://rhn.redhat.com/errata/RHSA-2012-1059.html	vendor-advisory, x_refsource_REDHAT
	https://issues.jboss.org/browse/RESTEASY-647	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2012-1056.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2012-1058.html	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/bid/51766	vdb-entry, x_refsource_BID
	http://rhn.redhat.com/errata/RHSA-2012-0519.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/50084	third-party-advisory, x_refsource_SECUNIA
	http://rhn.redhat.com/errata/RHSA-2014-0371.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2012-1057.html	vendor-advisory, x_refsource_REDHAT
	https://exchange.xforce.ibmcloud.com/vulnerabilities/72808	vdb-entry, x_refsource_XF
	http://rhn.redhat.com/errata/RHSA-2012-0441.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/47832	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/57719	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/57716	third-party-advisory, x_refsource_SECUNIA
	http://rhn.redhat.com/errata/RHSA-2014-0372.html	vendor-advisory, x_refsource_REDHAT
	https://issues.jboss.org/browse/RESTEASY/fixforversion/12318708	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2012-1125.html	vendor-advisory, x_refsource_REDHAT

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:30:46.838Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=785631"
          },
          {
            "name": "78680",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/78680"
          },
          {
            "name": "RHSA-2012:1059",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1059.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.jboss.org/browse/RESTEASY-647"
          },
          {
            "name": "RHSA-2012:1056",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1056.html"
          },
          {
            "name": "RHSA-2012:1058",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1058.html"
          },
          {
            "name": "51766",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/51766"
          },
          {
            "name": "RHSA-2012:0519",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0519.html"
          },
          {
            "name": "50084",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50084"
          },
          {
            "name": "RHSA-2014:0371",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0371.html"
          },
          {
            "name": "RHSA-2012:1057",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1057.html"
          },
          {
            "name": "resteasy-xml-info-disclosure(72808)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72808"
          },
          {
            "name": "RHSA-2012:0441",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0441.html"
          },
          {
            "name": "47832",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/47832"
          },
          {
            "name": "57719",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/57719"
          },
          {
            "name": "57716",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/57716"
          },
          {
            "name": "RHSA-2014:0372",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0372.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.jboss.org/browse/RESTEASY/fixforversion/12318708"
          },
          {
            "name": "RHSA-2012:1125",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1125.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-01-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding (JAXB) input, aka an XML external entity (XXE) injection attack, a similar vulnerability to CVE-2012-0818."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=785631"
        },
        {
          "name": "78680",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/78680"
        },
        {
          "name": "RHSA-2012:1059",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1059.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.jboss.org/browse/RESTEASY-647"
        },
        {
          "name": "RHSA-2012:1056",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1056.html"
        },
        {
          "name": "RHSA-2012:1058",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1058.html"
        },
        {
          "name": "51766",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/51766"
        },
        {
          "name": "RHSA-2012:0519",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0519.html"
        },
        {
          "name": "50084",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50084"
        },
        {
          "name": "RHSA-2014:0371",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0371.html"
        },
        {
          "name": "RHSA-2012:1057",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1057.html"
        },
        {
          "name": "resteasy-xml-info-disclosure(72808)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72808"
        },
        {
          "name": "RHSA-2012:0441",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0441.html"
        },
        {
          "name": "47832",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/47832"
        },
        {
          "name": "57719",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/57719"
        },
        {
          "name": "57716",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/57716"
        },
        {
          "name": "RHSA-2014:0372",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0372.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.jboss.org/browse/RESTEASY/fixforversion/12318708"
        },
        {
          "name": "RHSA-2012:1125",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1125.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-5245",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding (JAXB) input, aka an XML external entity (XXE) injection attack, a similar vulnerability to CVE-2012-0818."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=785631",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=785631"
            },
            {
              "name": "78680",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/78680"
            },
            {
              "name": "RHSA-2012:1059",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1059.html"
            },
            {
              "name": "https://issues.jboss.org/browse/RESTEASY-647",
              "refsource": "CONFIRM",
              "url": "https://issues.jboss.org/browse/RESTEASY-647"
            },
            {
              "name": "RHSA-2012:1056",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1056.html"
            },
            {
              "name": "RHSA-2012:1058",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1058.html"
            },
            {
              "name": "51766",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/51766"
            },
            {
              "name": "RHSA-2012:0519",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0519.html"
            },
            {
              "name": "50084",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/50084"
            },
            {
              "name": "RHSA-2014:0371",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0371.html"
            },
            {
              "name": "RHSA-2012:1057",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1057.html"
            },
            {
              "name": "resteasy-xml-info-disclosure(72808)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72808"
            },
            {
              "name": "RHSA-2012:0441",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0441.html"
            },
            {
              "name": "47832",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/47832"
            },
            {
              "name": "57719",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/57719"
            },
            {
              "name": "57716",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/57716"
            },
            {
              "name": "RHSA-2014:0372",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0372.html"
            },
            {
              "name": "https://issues.jboss.org/browse/RESTEASY/fixforversion/12318708",
              "refsource": "CONFIRM",
              "url": "https://issues.jboss.org/browse/RESTEASY/fixforversion/12318708"
            },
            {
              "name": "RHSA-2012:1125",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1125.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-5245",
    "datePublished": "2012-11-23T20:00:00",
    "dateReserved": "2012-11-23T00:00:00",
    "dateUpdated": "2024-08-07T00:30:46.838Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

rhsa-2012_1059

Vulnerability from csaf_redhat

cve-2012-0818

Vulnerability from cvelistv5

cve-2011-5245

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature