Vulnerabilities > CVE-2016-7050 - Deserialization of Untrusted Data vulnerability in Redhat products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
redhat
CWE-502
nessus
NVD
Published: 2017-06-08
Updated: 2017-06-16

Summary

SerializableProvider in RESTEasy in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to execute arbitrary code.

Vulnerable Configurations

Part Description Count
OS
Redhat
4

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2016-1057.NASL
    descriptionAccording to the version of the resteasy-base packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was discovered that under certain conditions RESTEasy could be forced to parse a request with SerializableProvider, resulting in deserialization of potentially untrusted data. An attacker could possibly use this flaw execute arbitrary code with the permissions of the application using RESTEasy.(CVE-2016-7050) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2017-05-01
    plugin id99819
    published2017-05-01
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99819
    titleEulerOS 2.0 SP1 : resteasy-base (EulerOS-SA-2016-1057)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2016-2604.NASL
    descriptionFrom Red Hat Security Advisory 2016:2604 : An update for resteasy-base is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. RESTEasy contains a JBoss project that provides frameworks to help build RESTful Web Services and RESTful Java applications. It is a fully certified and portable implementation of the JAX-RS specification. Security Fix(es) : * It was discovered that under certain conditions RESTEasy could be forced to parse a request with SerializableProvider, resulting in deserialization of potentially untrusted data. An attacker could possibly use this flaw to execute arbitrary code with the permissions of the application using RESTEasy. (CVE-2016-7050) Red Hat would like to thank Mikhail Egorov (Odin) for reporting this issue. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id94723
    published2016-11-11
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94723
    titleOracle Linux 7 : resteasy-base (ELSA-2016-2604)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20161103_RESTEASY_BASE_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - It was discovered that under certain conditions RESTEasy could be forced to parse a request with SerializableProvider, resulting in deserialization of potentially untrusted data. An attacker could possibly use this flaw to execute arbitrary code with the permissions of the application using RESTEasy. (CVE-2016-7050) Additional Changes :
    last seen2020-03-18
    modified2016-12-15
    plugin id95859
    published2016-12-15
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/95859
    titleScientific Linux Security Update : resteasy-base on SL7.x (noarch) (20161103)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-2604.NASL
    descriptionAn update for resteasy-base is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. RESTEasy contains a JBoss project that provides frameworks to help build RESTful Web Services and RESTful Java applications. It is a fully certified and portable implementation of the JAX-RS specification. Security Fix(es) : * It was discovered that under certain conditions RESTEasy could be forced to parse a request with SerializableProvider, resulting in deserialization of potentially untrusted data. An attacker could possibly use this flaw to execute arbitrary code with the permissions of the application using RESTEasy. (CVE-2016-7050) Red Hat would like to thank Mikhail Egorov (Odin) for reporting this issue. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id94567
    published2016-11-04
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94567
    titleRHEL 7 : resteasy-base (RHSA-2016:2604)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2016-2604.NASL
    descriptionAn update for resteasy-base is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. RESTEasy contains a JBoss project that provides frameworks to help build RESTful Web Services and RESTful Java applications. It is a fully certified and portable implementation of the JAX-RS specification. Security Fix(es) : * It was discovered that under certain conditions RESTEasy could be forced to parse a request with SerializableProvider, resulting in deserialization of potentially untrusted data. An attacker could possibly use this flaw to execute arbitrary code with the permissions of the application using RESTEasy. (CVE-2016-7050) Red Hat would like to thank Mikhail Egorov (Odin) for reporting this issue. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id95350
    published2016-11-28
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/95350
    titleCentOS 7 : resteasy-base (CESA-2016:2604)

Redhat

advisories
bugzilla
id1378613
titleCVE-2016-7050 RESTEasy:SerializableProvider enabled by default and deserializes untrusted data
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 7 is installed
      ovaloval:com.redhat.rhba:tst:20150364027
    • OR
      • AND
        • commentresteasy-base-jaxb-provider is earlier than 0:3.0.6-4.el7
          ovaloval:com.redhat.rhsa:tst:20162604001
        • commentresteasy-base-jaxb-provider is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20141011002
      • AND
        • commentresteasy-base-providers-pom is earlier than 0:3.0.6-4.el7
          ovaloval:com.redhat.rhsa:tst:20162604003
        • commentresteasy-base-providers-pom is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20141011022
      • AND
        • commentresteasy-base-jackson-provider is earlier than 0:3.0.6-4.el7
          ovaloval:com.redhat.rhsa:tst:20162604005
        • commentresteasy-base-jackson-provider is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20141011014
      • AND
        • commentresteasy-base-atom-provider is earlier than 0:3.0.6-4.el7
          ovaloval:com.redhat.rhsa:tst:20162604007
        • commentresteasy-base-atom-provider is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20141011008
      • AND
        • commentresteasy-base-jaxrs is earlier than 0:3.0.6-4.el7
          ovaloval:com.redhat.rhsa:tst:20162604009
        • commentresteasy-base-jaxrs is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20141011004
      • AND
        • commentresteasy-base-tjws is earlier than 0:3.0.6-4.el7
          ovaloval:com.redhat.rhsa:tst:20162604011
        • commentresteasy-base-tjws is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20141011020
      • AND
        • commentresteasy-base-javadoc is earlier than 0:3.0.6-4.el7
          ovaloval:com.redhat.rhsa:tst:20162604013
        • commentresteasy-base-javadoc is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20141011018
      • AND
        • commentresteasy-base-client is earlier than 0:3.0.6-4.el7
          ovaloval:com.redhat.rhsa:tst:20162604015
        • commentresteasy-base-client is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20162604016
      • AND
        • commentresteasy-base-jaxrs-api is earlier than 0:3.0.6-4.el7
          ovaloval:com.redhat.rhsa:tst:20162604017
        • commentresteasy-base-jaxrs-api is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20141011006
      • AND
        • commentresteasy-base is earlier than 0:3.0.6-4.el7
          ovaloval:com.redhat.rhsa:tst:20162604019
        • commentresteasy-base is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20141011016
      • AND
        • commentresteasy-base-jettison-provider is earlier than 0:3.0.6-4.el7
          ovaloval:com.redhat.rhsa:tst:20162604021
        • commentresteasy-base-jettison-provider is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20141011010
      • AND
        • commentresteasy-base-resteasy-pom is earlier than 0:3.0.6-4.el7
          ovaloval:com.redhat.rhsa:tst:20162604023
        • commentresteasy-base-resteasy-pom is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20162604024
      • AND
        • commentresteasy-base-jaxrs-all is earlier than 0:3.0.6-4.el7
          ovaloval:com.redhat.rhsa:tst:20162604025
        • commentresteasy-base-jaxrs-all is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20141011012
rhsa
idRHSA-2016:2604
released2016-11-03
severityImportant
titleRHSA-2016:2604: resteasy-base security and bug fix update (Important)
rpms
  • resteasy-base-0:3.0.6-4.el7
  • resteasy-base-atom-provider-0:3.0.6-4.el7
  • resteasy-base-client-0:3.0.6-4.el7
  • resteasy-base-jackson-provider-0:3.0.6-4.el7
  • resteasy-base-javadoc-0:3.0.6-4.el7
  • resteasy-base-jaxb-provider-0:3.0.6-4.el7
  • resteasy-base-jaxrs-0:3.0.6-4.el7
  • resteasy-base-jaxrs-all-0:3.0.6-4.el7
  • resteasy-base-jaxrs-api-0:3.0.6-4.el7
  • resteasy-base-jettison-provider-0:3.0.6-4.el7
  • resteasy-base-providers-pom-0:3.0.6-4.el7
  • resteasy-base-resteasy-pom-0:3.0.6-4.el7
  • resteasy-base-tjws-0:3.0.6-4.el7

References