Vulnerabilities > Redhat > Resteasy > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-04-12 | CVE-2016-6348 | Cross-site Scripting vulnerability in Redhat Resteasy: JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack. | 4.3 |
2016-09-07 | CVE-2016-6346 | Denial of Service vulnerability in RedHat RESTEasy: RESTEasy enables GZIPInterceptor, which allows remote attackers to cause a denial of service via unspecified vectors. | 5.0 |
2016-09-07 | CVE-2016-6345 | Information Exposure vulnerability in Redhat Resteasy: RESTEasy allows remote authenticated users to obtain sensitive information by leveraging "insufficient use of random values" in async jobs. | 4.0 |
2014-11-25 | CVE-2014-7839 | Improper Input Validation vulnerability in Redhat Resteasy 2.3.7/3.0.9: DocumentProvider in RESTEasy 2.3.7 and 3.0.9 does not configure the (1) external-general-entities or (2) external-parameter-entities features, which allows remote attackers to conduct XML external entity (XXE) attacks via unspecified vectors. | 6.4 |
2012-11-23 | CVE-2011-5245 | Information Exposure vulnerability in Redhat Resteasy: The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding (JAXB) input, aka an XML external entity (XXE) injection attack, a similar vulnerability to CVE-2012-0818. | 5.0 |