Skip to main content

Resteasy CVE-2016-6345

MEDIUM
Information Exposure (CWE-200)
2016-09-07 secalert@redhat.com
6.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Sep 07, 2016 - 18:59 cve.org
MEDIUM 6.5

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 30 maven packages depend on org.jboss.resteasy:resteasy-client (22 direct, 8 indirect)

Ecosystem-wide dependent count for version 3.1.0.Beta1.

DescriptionCVE.org

RESTEasy allows remote authenticated users to obtain sensitive information by leveraging "insufficient use of random values" in async jobs.

AnalysisAI

RESTEasy allows remote authenticated users to obtain sensitive information by leveraging "insufficient use of random values" in async jobs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. RESTEasy allows remote authenticated users to obtain sensitive information by leveraging "insufficient use of random values" in async jobs. Affected products include: Redhat Resteasy.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

CVE-2014-3490 HIGH
7.5 Aug 19

RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform (EAP) 6.3

CVE-2018-1051 HIGH
8.1 Jan 25

It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Restea

CVE-2016-6346 HIGH
7.5 Sep 07

RESTEasy enables GZIPInterceptor, which allows remote attackers to cause a denial of service via unspecified vectors. Ra

CVE-2020-1695 HIGH
7.5 May 19

A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Fin

CVE-2014-7839 MEDIUM
6.4 Nov 25

DocumentProvider in RESTEasy 2.3.7 and 3.0.9 does not configure the (1) external-general-entities or (2) external-parame

CVE-2016-6348 MEDIUM
6.1 Apr 12

JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack.

CVE-2016-6347 MEDIUM
6.1 Apr 20

Cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject

CVE-2021-20293 MEDIUM
6.1 Jun 10

A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where i

CVE-2023-0482 MEDIUM
5.5 Feb 17

In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround clas

CVE-2021-20289 MEDIUM
5.3 Mar 26

A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. Rated medium severity (CVSS 5.3), this vulne

CVE-2020-25633 MEDIUM
5.3 Sep 18

A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. Rated medium severity (CVSS 5.3), thi

CVE-2012-0818 MEDIUM
5.0 Nov 23

RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document

Share

CVE-2016-6345 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy