First published: Fri Sep 04 2020
A flaw was found in the RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. It may allow client users to obtain the server's potentially sensitive information in headers, cookies and body when the server receives a WebApplicationException from the RESTEasy client call.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/resteasy | <4.5.9. | 4.5.9. |
redhat/eap7-activemq-artemis | <0:2.9.0-7.redhat_00017.1.el6ea | 0:2.9.0-7.redhat_00017.1.el6ea |
redhat/eap7-glassfish-jsf | <0:2.3.9-12.SP13_redhat_00001.1.el6ea | 0:2.3.9-12.SP13_redhat_00001.1.el6ea |
redhat/eap7-hal-console | <0:3.2.12-1.Final_redhat_00001.1.el6ea | 0:3.2.12-1.Final_redhat_00001.1.el6ea |
redhat/eap7-hibernate | <0:5.3.20-1.Final_redhat_00001.1.el6ea | 0:5.3.20-1.Final_redhat_00001.1.el6ea |
redhat/eap7-httpcomponents-client | <0:4.5.13-1.redhat_00001.1.el6ea | 0:4.5.13-1.redhat_00001.1.el6ea |
redhat/eap7-jboss-ejb-client | <0:4.0.37-1.Final_redhat_00001.1.el6ea | 0:4.0.37-1.Final_redhat_00001.1.el6ea |
redhat/eap7-jboss-genericjms | <0:2.0.8-1.Final_redhat_00001.1.el6ea | 0:2.0.8-1.Final_redhat_00001.1.el6ea |
redhat/eap7-jboss-modules | <0:1.11.0-1.Final_redhat_00001.1.el6ea | 0:1.11.0-1.Final_redhat_00001.1.el6ea |
redhat/eap7-jboss-remoting | <0:5.0.20-1.Final_redhat_00001.1.el6ea | 0:5.0.20-1.Final_redhat_00001.1.el6ea |
redhat/eap7-jboss-server-migration | <0:1.7.2-4.Final_redhat_00005.1.el6ea | 0:1.7.2-4.Final_redhat_00005.1.el6ea |
redhat/eap7-jboss-xnio-base | <0:3.7.12-1.Final_redhat_00001.1.el6ea | 0:3.7.12-1.Final_redhat_00001.1.el6ea |
redhat/eap7-narayana | <0:5.9.10-1.Final_redhat_00001.1.el6ea | 0:5.9.10-1.Final_redhat_00001.1.el6ea |
redhat/eap7-opentracing-interceptors | <0:0.0.4.1-2.redhat_00002.1.el6ea | 0:0.0.4.1-2.redhat_00002.1.el6ea |
redhat/eap7-resteasy | <0:3.11.3-1.Final_redhat_00001.1.el6ea | 0:3.11.3-1.Final_redhat_00001.1.el6ea |
redhat/eap7-undertow | <0:2.0.33-1.SP2_redhat_00001.1.el6ea | 0:2.0.33-1.SP2_redhat_00001.1.el6ea |
redhat/eap7-wildfly | <0:7.3.5-2.GA_redhat_00001.1.el6ea | 0:7.3.5-2.GA_redhat_00001.1.el6ea |
redhat/eap7-wildfly-discovery | <0:1.2.1-1.Final_redhat_00001.1.el6ea | 0:1.2.1-1.Final_redhat_00001.1.el6ea |
redhat/eap7-wildfly-elytron | <0:1.10.10-1.Final_redhat_00001.1.el6ea | 0:1.10.10-1.Final_redhat_00001.1.el6ea |
redhat/eap7-wildfly-http-client | <0:1.0.24-1.Final_redhat_00001.1.el6ea | 0:1.0.24-1.Final_redhat_00001.1.el6ea |
redhat/eap7-activemq-artemis | <0:2.9.0-7.redhat_00017.1.el7ea | 0:2.9.0-7.redhat_00017.1.el7ea |
redhat/eap7-glassfish-jsf | <0:2.3.9-12.SP13_redhat_00001.1.el7ea | 0:2.3.9-12.SP13_redhat_00001.1.el7ea |
redhat/eap7-hal-console | <0:3.2.12-1.Final_redhat_00001.1.el7ea | 0:3.2.12-1.Final_redhat_00001.1.el7ea |
redhat/eap7-hibernate | <0:5.3.20-1.Final_redhat_00001.1.el7ea | 0:5.3.20-1.Final_redhat_00001.1.el7ea |
redhat/eap7-httpcomponents-client | <0:4.5.13-1.redhat_00001.1.el7ea | 0:4.5.13-1.redhat_00001.1.el7ea |
redhat/eap7-jboss-ejb-client | <0:4.0.37-1.Final_redhat_00001.1.el7ea | 0:4.0.37-1.Final_redhat_00001.1.el7ea |
redhat/eap7-jboss-genericjms | <0:2.0.8-1.Final_redhat_00001.1.el7ea | 0:2.0.8-1.Final_redhat_00001.1.el7ea |
redhat/eap7-jboss-modules | <0:1.11.0-1.Final_redhat_00001.1.el7ea | 0:1.11.0-1.Final_redhat_00001.1.el7ea |
redhat/eap7-jboss-remoting | <0:5.0.20-1.Final_redhat_00001.1.el7ea | 0:5.0.20-1.Final_redhat_00001.1.el7ea |
redhat/eap7-jboss-server-migration | <0:1.7.2-4.Final_redhat_00005.1.el7ea | 0:1.7.2-4.Final_redhat_00005.1.el7ea |
redhat/eap7-jboss-xnio-base | <0:3.7.12-1.Final_redhat_00001.1.el7ea | 0:3.7.12-1.Final_redhat_00001.1.el7ea |
redhat/eap7-narayana | <0:5.9.10-1.Final_redhat_00001.1.el7ea | 0:5.9.10-1.Final_redhat_00001.1.el7ea |
redhat/eap7-opentracing-interceptors | <0:0.0.4.1-2.redhat_00002.1.el7ea | 0:0.0.4.1-2.redhat_00002.1.el7ea |
redhat/eap7-resteasy | <0:3.11.3-1.Final_redhat_00001.1.el7ea | 0:3.11.3-1.Final_redhat_00001.1.el7ea |
redhat/eap7-undertow | <0:2.0.33-1.SP2_redhat_00001.1.el7ea | 0:2.0.33-1.SP2_redhat_00001.1.el7ea |
redhat/eap7-wildfly | <0:7.3.5-2.GA_redhat_00001.1.el7ea | 0:7.3.5-2.GA_redhat_00001.1.el7ea |
redhat/eap7-wildfly-discovery | <0:1.2.1-1.Final_redhat_00001.1.el7ea | 0:1.2.1-1.Final_redhat_00001.1.el7ea |
redhat/eap7-wildfly-elytron | <0:1.10.10-1.Final_redhat_00001.1.el7ea | 0:1.10.10-1.Final_redhat_00001.1.el7ea |
redhat/eap7-wildfly-http-client | <0:1.0.24-1.Final_redhat_00001.1.el7ea | 0:1.0.24-1.Final_redhat_00001.1.el7ea |
redhat/eap7-activemq-artemis | <0:2.9.0-7.redhat_00017.1.el8ea | 0:2.9.0-7.redhat_00017.1.el8ea |
redhat/eap7-glassfish-jsf | <0:2.3.9-12.SP13_redhat_00001.1.el8ea | 0:2.3.9-12.SP13_redhat_00001.1.el8ea |
redhat/eap7-hal-console | <0:3.2.12-1.Final_redhat_00001.1.el8ea | 0:3.2.12-1.Final_redhat_00001.1.el8ea |
redhat/eap7-hibernate | <0:5.3.20-1.Final_redhat_00001.1.el8ea | 0:5.3.20-1.Final_redhat_00001.1.el8ea |
redhat/eap7-httpcomponents-client | <0:4.5.13-1.redhat_00001.1.el8ea | 0:4.5.13-1.redhat_00001.1.el8ea |
redhat/eap7-jboss-ejb-client | <0:4.0.37-1.Final_redhat_00001.1.el8ea | 0:4.0.37-1.Final_redhat_00001.1.el8ea |
redhat/eap7-jboss-genericjms | <0:2.0.8-1.Final_redhat_00001.1.el8ea | 0:2.0.8-1.Final_redhat_00001.1.el8ea |
redhat/eap7-jboss-modules | <0:1.11.0-1.Final_redhat_00001.1.el8ea | 0:1.11.0-1.Final_redhat_00001.1.el8ea |
redhat/eap7-jboss-remoting | <0:5.0.20-1.Final_redhat_00001.1.el8ea | 0:5.0.20-1.Final_redhat_00001.1.el8ea |
redhat/eap7-jboss-server-migration | <0:1.7.2-4.Final_redhat_00005.1.el8ea | 0:1.7.2-4.Final_redhat_00005.1.el8ea |
redhat/eap7-jboss-xnio-base | <0:3.7.12-1.Final_redhat_00001.1.el8ea | 0:3.7.12-1.Final_redhat_00001.1.el8ea |
redhat/eap7-narayana | <0:5.9.10-1.Final_redhat_00001.1.el8ea | 0:5.9.10-1.Final_redhat_00001.1.el8ea |
redhat/eap7-opentracing-interceptors | <0:0.0.4.1-2.redhat_00002.1.el8ea | 0:0.0.4.1-2.redhat_00002.1.el8ea |
redhat/eap7-resteasy | <0:3.11.3-1.Final_redhat_00001.1.el8ea | 0:3.11.3-1.Final_redhat_00001.1.el8ea |
redhat/eap7-undertow | <0:2.0.33-1.SP2_redhat_00001.1.el8ea | 0:2.0.33-1.SP2_redhat_00001.1.el8ea |
redhat/eap7-wildfly | <0:7.3.5-2.GA_redhat_00001.1.el8ea | 0:7.3.5-2.GA_redhat_00001.1.el8ea |
redhat/eap7-wildfly-discovery | <0:1.2.1-1.Final_redhat_00001.1.el8ea | 0:1.2.1-1.Final_redhat_00001.1.el8ea |
redhat/eap7-wildfly-elytron | <0:1.10.10-1.Final_redhat_00001.1.el8ea | 0:1.10.10-1.Final_redhat_00001.1.el8ea |
redhat/eap7-wildfly-http-client | <0:1.0.24-1.Final_redhat_00001.1.el8ea | 0:1.0.24-1.Final_redhat_00001.1.el8ea |
redhat/candlepin | <0:3.1.26-1.el7 | 0:3.1.26-1.el7 |
Redhat Resteasy | <3.14.0 | |
Redhat Resteasy | >=4.5.0 <=4.5.6 | |
Quarkus Quarkus | <=1.11.6 | |