
Test ID: 1.3.6.1.4.1.25623.1.0.871217
Category: Red Hat Local Security Checks
Title: RedHat Update for resteasy-base RHSA-2014:1011-01
Summary: The remote host is missing an update for the 'resteasy-base' package(s) announced via the referenced advisory.
Description:
Summary:
The remote host is missing an update for the 'resteasy-base'
package(s) announced via the referenced advisory.

Vulnerability Insight:
RESTEasy contains a JBoss project that provides frameworks to help build
RESTful Web Services and RESTful Java applications. It is a fully certified
and portable implementation of the JAX-RS specification.

It was found that the fix for CVE-2012-0818 was incomplete: external
parameter entities were not disabled when the
resteasy.document.expand.entity.references parameter was set to false.
A remote attacker able to send XML requests to a RESTEasy endpoint could
use this flaw to read files accessible to the user running the application
server, and potentially perform other more advanced XXE attacks.
(CVE-2014-3490)

This issue was discovered by David Jorm of Red Hat Product Security.

All resteasy-base users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue.

Affected Software/OS:
resteasy-base on Red Hat Enterprise Linux Server (v. 7)

Solution:
Please install the updated packages.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2014-3490
BugTraq ID: 69058
http://www.securityfocus.com/bid/69058
https://github.com/ronsigal/Resteasy/commit/9b7d0f574cafdcf3bea5428f3145ab4908fc6d83
RedHat Security Advisories: RHSA-2014:1011
http://rhn.redhat.com/errata/RHSA-2014-1011.html
RedHat Security Advisories: RHSA-2014:1039
http://rhn.redhat.com/errata/RHSA-2014-1039.html
RedHat Security Advisories: RHSA-2014:1040
http://rhn.redhat.com/errata/RHSA-2014-1040.html
RedHat Security Advisories: RHSA-2014:1298
http://rhn.redhat.com/errata/RHSA-2014-1298.html
RedHat Security Advisories: RHSA-2015:0125
http://rhn.redhat.com/errata/RHSA-2015-0125.html
RedHat Security Advisories: RHSA-2015:0675
http://rhn.redhat.com/errata/RHSA-2015-0675.html
RedHat Security Advisories: RHSA-2015:0720
http://rhn.redhat.com/errata/RHSA-2015-0720.html
RedHat Security Advisories: RHSA-2015:0765
http://rhn.redhat.com/errata/RHSA-2015-0765.html
http://secunia.com/advisories/60019
Common Vulnerability Exposure (CVE) ID: CVE-2012-0818
47818
http://secunia.com/advisories/47818
47832
http://secunia.com/advisories/47832
48697
http://secunia.com/advisories/48697
48954
http://secunia.com/advisories/48954
50084
http://secunia.com/advisories/50084
51748
http://www.securityfocus.com/bid/51748
51766
http://www.securityfocus.com/bid/51766
57716
http://secunia.com/advisories/57716
57719
http://secunia.com/advisories/57719
78679
http://www.osvdb.org/78679
RHSA-2012:0441
http://rhn.redhat.com/errata/RHSA-2012-0441.html
RHSA-2012:0519
http://rhn.redhat.com/errata/RHSA-2012-0519.html
RHSA-2012:1056
http://rhn.redhat.com/errata/RHSA-2012-1056.html
RHSA-2012:1057
http://rhn.redhat.com/errata/RHSA-2012-1057.html
RHSA-2012:1058
http://rhn.redhat.com/errata/RHSA-2012-1058.html
RHSA-2012:1059
http://rhn.redhat.com/errata/RHSA-2012-1059.html
RHSA-2012:1125
http://rhn.redhat.com/errata/RHSA-2012-1125.html
RHSA-2014:0371
http://rhn.redhat.com/errata/RHSA-2014-0371.html
RHSA-2014:0372
http://rhn.redhat.com/errata/RHSA-2014-0372.html
https://bugzilla.redhat.com/show_bug.cgi?id=785631
https://issues.jboss.org/browse/RESTEASY-637
resteasy-xml-info-disclosure(72808)
https://exchange.xforce.ibmcloud.com/vulnerabilities/72808
Copyright: Copyright (C) 2014 Greenbone AG





© 1998-2025 E-Soft Inc. All rights reserved.