vulnerability
Red Hat JBoss EAP: CVE-2016-9606: Improper Input Validation
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:M/Au:N/C:P/I:P/A:P) | Dec 15, 2016 | Sep 19, 2024 | Jul 2, 2025 |
Severity
7
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published
Dec 15, 2016
Added
Sep 19, 2024
Modified
Jul 2, 2025
Description
JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions.. It was discovered that under certain conditions RESTEasy could be forced to parse a request with YamlProvider, resulting in unmarshalling of potentially untrusted data. An attacker could possibly use this flaw execute arbitrary code with the permissions of the application using RESTEasy.
Solution
red-hat-jboss-eap-upgrade-latest
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.