CVE-2012-0818: XEE
First published: Fri Dec 30 2011(Updated: )
RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity (XXE) injection attack.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/resteasy | <0:1.2.1-10.CP02_patch01.1.ep5.el5 | 0:1.2.1-10.CP02_patch01.1.ep5.el5 |
| redhat/resteasy | <0:1.2.1-10.CP02_patch01.1.ep5.el6 | 0:1.2.1-10.CP02_patch01.1.ep5.el6 |
| redhat/resteasy | <0:1.2.1-10.CP02_patch01.1.ep5.el4 | 0:1.2.1-10.CP02_patch01.1.ep5.el4 |
| redhat/otopi | <0:1.1.0-1.el6e | 0:1.1.0-1.el6e |
| redhat/ovirt-host-deploy | <0:1.1.0-1.el6e | 0:1.1.0-1.el6e |
| redhat/python-daemon | <0:1.5.2-1.el6 | 0:1.5.2-1.el6 |
| redhat/python-kitchen | <0:1.1.1-2.el6e | 0:1.1.1-2.el6e |
| redhat/python-lockfile | <0:0.8-5.el6 | 0:0.8-5.el6 |
| redhat/python-ply | <0:3.3-7.el6e | 0:3.3-7.el6e |
| redhat/redhat-access-plugin-storage | <0:2.1.0-0.el6 | 0:2.1.0-0.el6 |
| redhat/rhsc-cli | <0:2.1.0.0-0.bb3a.el6 | 0:2.1.0.0-0.bb3a.el6 |
| redhat/rhsc-log-collector | <0:2.1-0.1.el6 | 0:2.1-0.1.el6 |
| redhat/rhsc-sdk | <0:2.1.0.0-0.bb3a.el6 | 0:2.1.0.0-0.bb3a.el6 |
| Redhat Resteasy | <=2.3.0 | |
| Redhat Resteasy | =1.0.0 | |
| Redhat Resteasy | =1.0.1 | |
| Redhat Resteasy | =1.0.2 | |
| Redhat Resteasy | =1.1 | |
| Redhat Resteasy | =1.2 | |
| Redhat Resteasy | =2.0.0 | |
| Redhat Resteasy | =2.0.1 | |
| Redhat Resteasy | =2.1.0 | |
| Redhat Resteasy | =2.2.0 | |
| Redhat Resteasy | =2.2.1 | |
| Redhat Resteasy | =2.2.2 | |
| Redhat Resteasy | =2.2.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2012-0818 https://nvd.nist.gov/vuln/detail/CVE-2012-0818
- https://bugzilla.redhat.com/show_bug.cgi?id=785631
- https://access.redhat.com/errata/RHSA-2012:1058
- https://access.redhat.com/errata/RHSA-2012:0441
- https://access.redhat.com/errata/RHSA-2014:0371
- https://access.redhat.com/errata/RHSA-2014:0372
- https://access.redhat.com/errata/RHSA-2012:1056
- https://access.redhat.com/errata/RHSA-2012:1059
- https://access.redhat.com/errata/RHSA-2012:0519
- https://access.redhat.com/errata/RHSA-2012:1125
- https://access.redhat.com/errata/RHSA-2012:1057
- https://access.redhat.com/errata/RHSA-2013:1263
- https://access.redhat.com/errata/RHSA-2012:0421
- https://access.redhat.com/security/cve/CVE-2012-0818
- http://rhn.redhat.com/errata/RHSA-2012-0441.html
- http://rhn.redhat.com/errata/RHSA-2012-0519.html
- http://rhn.redhat.com/errata/RHSA-2012-1056.html
- http://rhn.redhat.com/errata/RHSA-2012-1057.html
- http://rhn.redhat.com/errata/RHSA-2012-1058.html
- http://rhn.redhat.com/errata/RHSA-2012-1059.html
- http://rhn.redhat.com/errata/RHSA-2012-1125.html
- http://rhn.redhat.com/errata/RHSA-2014-0371.html
- http://rhn.redhat.com/errata/RHSA-2014-0372.html
- http://secunia.com/advisories/47818
- http://secunia.com/advisories/47832
- http://secunia.com/advisories/48697
- http://secunia.com/advisories/48954
- http://secunia.com/advisories/50084
- http://secunia.com/advisories/57716
- http://secunia.com/advisories/57719
- http://www.osvdb.org/78679
- http://www.securityfocus.com/bid/51748
- http://www.securityfocus.com/bid/51766
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72808
- https://issues.jboss.org/browse/RESTEASY-637
Parent vulnerabilities
(Appears in the following advisories)
- collector/redhat-cve
- collector/nvd-index
- agent/weakness
- agent/author
- agent/severity
- agent/type
- agent/description
- agent/event
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/tags
- collector/mitre-cve
- source/MITRE
- package-manager/redhat
- vendor/redhat
- canonical/redhat resteasy
- version/redhat resteasy/2.3.0
- version/redhat resteasy/1.0.0
- version/redhat resteasy/1.0.1
- version/redhat resteasy/1.0.2
- version/redhat resteasy/1.1
- version/redhat resteasy/1.2
- version/redhat resteasy/2.0.0
- version/redhat resteasy/2.0.1
- version/redhat resteasy/2.1.0
- version/redhat resteasy/2.2.0
- version/redhat resteasy/2.2.1
- version/redhat resteasy/2.2.2
- version/redhat resteasy/2.2.3