{"containers": {"cna": {"affected": [{"product": "resteasy", "vendor": "Red Hat, Inc.", "versions": [{"status": "affected", "version": "after 3.0.22"}, {"status": "affected", "version": "after 3.1.2"}]}], "datePublic": "2018-01-18T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via `Yaml.load()` in YamlProvider."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-01-25T19:57:01.000Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1535411"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:44:11.805Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1535411"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-1051", "dateReserved": "2017-12-04T00:00:00.000Z", "dateUpdated": "2024-08-05T03:44:11.805Z", "state": "PUBLISHED", "datePublished": "2018-01-25T20:00:00.000Z"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:resteasy:3.0.22:*:*:*:*:*:*:*", "matchCriteriaId": "FBFB466F-5DE9-409D-9228-21D7EA23AC08", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:resteasy:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4E64FFCE-4AB8-4D1A-BAC7-D4AD26391478", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via `Yaml.load()` in YamlProvider."}, {"lang": "es", "value": "Se descubri\u00f3 que la soluci\u00f3n para CVE-2016-9606 en las versiones 3.0.22 y 3.1.2 era incompleta y sigue siendo posible deserializar Yaml en Resteasy mediante la funci\u00f3n Yaml.load() en YamlProvider."}], "id": "CVE-2018-1051", "lastModified": "2024-11-21T03:59:04.433", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-01-25T20:29:00.307", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1535411"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1535411"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-502"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Rui Chong (Baidu) for reporting this issue.", "bugzilla": {"description": "resteasy: Unsafe unmarshalling in YamlProvider allows code execution", "id": "1535411", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1535411"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.1", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-20", "details": ["It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via `Yaml.load()` in YamlProvider."], "mitigation": {"lang": "en:us", "value": "If the YamlProvider is enabled it's recommended to add authentication, and authorization to the endpoint expecting Yaml content to prevent exploitation of this vulnerability."}, "name": "CVE-2018-1051", "package_state": [{"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform", "fix_state": "Not affected", "package_name": "resteasy", "product_name": "Red Hat BPM Suite 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "resteasy-base", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "resteasy", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:6", "fix_state": "Not affected", "package_name": "resteasy", "product_name": "Red Hat JBoss BRMS 6"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:6", "fix_state": "Out of support scope", "package_name": "resteasy", "product_name": "Red Hat JBoss Data Grid 6"}, {"cpe": "cpe:/a:redhat:jboss_data_virtualization:6", "fix_state": "Out of support scope", "package_name": "resteasy", "product_name": "Red Hat JBoss Data Virtualization 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5", "fix_state": "Will not fix", "package_name": "resteasy", "product_name": "Red Hat JBoss Enterprise Application Platform 5"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Will not fix", "package_name": "resteasy", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "fix_state": "Will not fix", "package_name": "resteasy", "product_name": "Red Hat JBoss Enterprise Application Platform 7"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Not affected", "package_name": "resteasy", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:jboss_fuse_service_works:6", "fix_state": "Out of support scope", "package_name": "resteasy", "product_name": "Red Hat JBoss Fuse Service Works 6"}, {"cpe": "cpe:/a:redhat:jboss_operations_network:3", "fix_state": "Not affected", "package_name": "resteasy", "product_name": "Red Hat JBoss Operations Network 3"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_portal_platform:6", "fix_state": "Out of support scope", "package_name": "resteasy", "product_name": "Red Hat JBoss Portal 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_soa_platform:5", "fix_state": "Out of support scope", "package_name": "resteasy", "product_name": "Red Hat JBoss SOA Platform 5"}, {"cpe": "cpe:/a:redhat:mobile_application_platform:4", "fix_state": "Not affected", "package_name": "millicore", "product_name": "Red Hat Mobile Application Platform 4"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Will not fix", "package_name": "resteasy", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "fix_state": "Will not fix", "package_name": "resteasy", "product_name": "Red Hat Single Sign-On 7"}, {"cpe": "cpe:/a:rhel_sam:1", "fix_state": "Will not fix", "package_name": "resteasy", "product_name": "Red Hat Subscription Asset Manager"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Will not fix", "package_name": "eap7-resteasy-yaml-provider", "product_name": "Red Hat Virtualization 4"}], "public_date": "2018-01-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-1051\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1051"], "statement": "This issue only affects applications which have the YamlProvider explicitly enabled by adding or appending a file with the name 'META-INF/services/javax.ws.rs.ext.Providers' to your WAR, or JAR with the contents 'org.jboss.resteasy.plugins.providers.YamlProvider'\nresteasy-base as shipped in Red Hat Enterprise Linux 7 does not include YamlProvider.\nRed Hat Subscription Asset Manager version 1 is now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates.\nThis issue affects the versions of resteasy as shipped with Red Hat Satellite version 6, however Satellite version 6 does not use the affected functionality. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue.\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Moderate"}

{}