Severity
5.0 MEDIUM
EPSS
1.4% (top 19.75%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Nov 23, 2012
Latest update May 17, 2022

Description

RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity (XXE) injection attack.

CVSS vector (v2)

AV:N/AC:L/Au:N/C:P/I:N/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages (2 packages)

Patches

Vulnerability Details (5)

OSV: Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy (2022-05-17)
GHSA: Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy (2022-05-17)
GHSA: Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy (2022-05-17)
GHSA: Incorrect Privilege Assignment in RESTEasy (2022-05-14)
CVEList: CVE-2012-0818: RESTEasy before 2 (2012-11-23)

Vendor Advisories (3)

Red Hat: RESTEasy: XXE via parameter entities (2014-07-23)
Red Hat: RESTEasy: XML eXternal Entity (XXE) flaw (2011-12-30)
Red Hat: RESTEasy: XML eXternal Entity (XXE) flaw (2011-12-30)

Community (2)

Bugzilla: CVE-2014-3490 RESTEasy: XXE via parameter entities (2014-06-11)
Bugzilla: CVE-2011-5245 CVE-2012-0818 RESTEasy: XML eXternal Entity (XXE) flaw (2012-01-30)
CVE-2012-0818 (MEDIUM CVSS 5) | RESTEasy before 2.3.1 allows remote | cvebase.io