Published: 08/06/2017 Updated: 16/06/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

SerializableProvider in RESTEasy in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote malicious users to execute arbitrary code.

Vendor Advisories

Synopsis: Important: resteasy-base security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for resteasy-base is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring S ...
It was discovered that under certain conditions RESTEasy could be forced to parse a request with SerializableProvider, resulting in deserialization of potentially untrusted data. An attacker could possibly use this flaw to execute arbitrary code with the permissions of the application using RESTEasy ...
Oracle Linux Bulletin - October 2016. Description: The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the one month prior to the release of the bulletin. Oracle Linux Bulletins are published on the same day as Oracle Critical ...

Github Repositories

Unsafe JAX-RS extension for Burp Suite: Unsafe JAX-RS is an active scanner extension for Burp Suite to check JAX-RS applications for common security flaws. Currently the following checks are implemented: Entity provider selection scan, WADL scan, CSRF scan, JSONP scan, Async jobs scan, DoS via GZIP bombing scan, Content negotiation scan, Exception mapping scan. Extension can identify follo