CVE-2016-6348

Published: 12/04/2017 Updated: 19/04/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

JacksonJsonpInterceptor in RESTEasy might allow remote malicious users to conduct a cross-site script inclusion (XSSI) attack.

Vulnerable Product

redhat resteasy -

Vendor Advisories

Debian Bug report logs - #837170 CVE-2016-6345 / CVE-2016-6346 / CVE-2016-6347 / CVE-2016-6348
Package: src:resteasy; Maintainer for src:resteasy is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Fri, 9 Sep 2016 17:36:02 UTC; Severity: im ...

It was found that in some configurations the JacksonJsonpInterceptor is activated by default in RESTEasy. An attacker could use this flaw to launch a Cross Site Scripting Inclusion attack ...