Test ID:	1.3.6.1.4.1.25623.1.0.871217
Category:	Red Hat Local Security Checks
Title:	RedHat Update for resteasy-base RHSA-2014:1011-01
Summary:	The remote host is missing an update for the 'resteasy-base'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'resteasy-base' package(s) announced via the referenced advisory. Vulnerability Insight: RESTEasy contains a JBoss project that provides frameworks to help build RESTful Web Services and RESTful Java applications. It is a fully certified and portable implementation of the JAX-RS specification. It was found that the fix for CVE-2012-0818 was incomplete: external parameter entities were not disabled when the resteasy.document.expand.entity.references parameter was set to false. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks. (CVE-2014-3490) This issue was discovered by David Jorm of Red Hat Product Security. All resteasy-base users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. Affected Software/OS: resteasy-base on Red Hat Enterprise Linux Server (v. 7) Solution: Please Install the Updated Packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-3490 BugTraq ID: 69058 http://www.securityfocus.com/bid/69058 https://github.com/ronsigal/Resteasy/commit/9b7d0f574cafdcf3bea5428f3145ab4908fc6d83 RedHat Security Advisories: RHSA-2014:1011 http://rhn.redhat.com/errata/RHSA-2014-1011.html RedHat Security Advisories: RHSA-2014:1039 http://rhn.redhat.com/errata/RHSA-2014-1039.html RedHat Security Advisories: RHSA-2014:1040 http://rhn.redhat.com/errata/RHSA-2014-1040.html RedHat Security Advisories: RHSA-2014:1298 http://rhn.redhat.com/errata/RHSA-2014-1298.html RedHat Security Advisories: RHSA-2015:0125 http://rhn.redhat.com/errata/RHSA-2015-0125.html RedHat Security Advisories: RHSA-2015:0675 http://rhn.redhat.com/errata/RHSA-2015-0675.html RedHat Security Advisories: RHSA-2015:0720 http://rhn.redhat.com/errata/RHSA-2015-0720.html RedHat Security Advisories: RHSA-2015:0765 http://rhn.redhat.com/errata/RHSA-2015-0765.html http://secunia.com/advisories/60019 Common Vulnerability Exposure (CVE) ID: CVE-2012-0818 47818 http://secunia.com/advisories/47818 47832 http://secunia.com/advisories/47832 48697 http://secunia.com/advisories/48697 48954 http://secunia.com/advisories/48954 50084 http://secunia.com/advisories/50084 51748 http://www.securityfocus.com/bid/51748 51766 http://www.securityfocus.com/bid/51766 57716 http://secunia.com/advisories/57716 57719 http://secunia.com/advisories/57719 78679 http://www.osvdb.org/78679 RHSA-2012:0441 http://rhn.redhat.com/errata/RHSA-2012-0441.html RHSA-2012:0519 http://rhn.redhat.com/errata/RHSA-2012-0519.html RHSA-2012:1056 http://rhn.redhat.com/errata/RHSA-2012-1056.html RHSA-2012:1057 http://rhn.redhat.com/errata/RHSA-2012-1057.html RHSA-2012:1058 http://rhn.redhat.com/errata/RHSA-2012-1058.html RHSA-2012:1059 http://rhn.redhat.com/errata/RHSA-2012-1059.html RHSA-2012:1125 http://rhn.redhat.com/errata/RHSA-2012-1125.html RHSA-2014:0371 http://rhn.redhat.com/errata/RHSA-2014-0371.html RHSA-2014:0372 http://rhn.redhat.com/errata/RHSA-2014-0372.html https://bugzilla.redhat.com/show_bug.cgi?id=785631 https://issues.jboss.org/browse/RESTEASY-637 resteasy-xml-info-disclosure(72808) https://exchange.xforce.ibmcloud.com/vulnerabilities/72808
Copyright	Copyright (C) 2014 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.