CVE-2011-5245 - Vulnerability Details

Vendors	Products
Redhat	Jboss Bpms Jboss Brms Jboss Enterprise Application Platform Jboss Enterprise Brms Platform Jboss Enterprise Portal Platform Jboss Enterprise Web Platform Jboss Soa Platform Resteasy Rhev Manager

Package	CPE	Advisory	Released Date
JBEWP 5 for RHEL 5
resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_platform:5::el5	RHSA-2012:1058	2012-07-05T00:00:00Z
JBEWP 5 for RHEL 6
resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_platform:5::el6	RHSA-2012:1058	2012-07-05T00:00:00Z
JBoss Enterprise BRMS Platform 5.2
	cpe:/a:redhat:jboss_enterprise_brms_platform:5.2	RHSA-2012:0441	2012-04-02T00:00:00Z
Red Hat JBoss BPMS 6.0
security	cpe:/a:redhat:jboss_bpms:6.0	RHSA-2014:0371	2014-04-03T00:00:00Z
Red Hat JBoss BRMS 6.0
security	cpe:/a:redhat:jboss_brms:6.0	RHSA-2014:0372	2014-04-03T00:00:00Z
Red Hat JBoss Enterprise Application Platform 5.1
	cpe:/a:redhat:jboss_enterprise_application_platform:5.1	RHSA-2012:1056	2012-07-05T00:00:00Z
Red Hat JBoss Enterprise Application Platform 5 for RHEL 4
resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el4	cpe:/a:redhat:jboss_enterprise_application_platform:5::el4	RHSA-2012:1059	2012-07-05T00:00:00Z
Red Hat JBoss Enterprise Application Platform 5 for RHEL 5
resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el5	cpe:/a:redhat:jboss_enterprise_application_platform:5::el5	RHSA-2012:1059	2012-07-05T00:00:00Z
Red Hat JBoss Enterprise Application Platform 5 for RHEL 6
resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el6	cpe:/a:redhat:jboss_enterprise_application_platform:5::el6	RHSA-2012:1059	2012-07-05T00:00:00Z
Red Hat JBoss Portal 5.2
	cpe:/a:redhat:jboss_enterprise_portal_platform:5.2	RHSA-2012:0519	2012-04-25T00:00:00Z
Red Hat JBoss SOA Platform 5.3
	cpe:/a:redhat:jboss_soa_platform:5.3	RHSA-2012:1125	2012-07-31T00:00:00Z
Red Hat JBoss Web Platform 5.1
	cpe:/a:redhat:jboss_enterprise_web_platform:5.1	RHSA-2012:1057	2012-07-05T00:00:00Z
RHEV Manager version 3.0
org.ovirt.engine-root-0:3.0.3_0001-3	cpe:/a:redhat:rhev_manager:3	RHSA-2012:0421	2012-03-26T00:00:00Z

Link	Providers
http://rhn.redhat.com/errata/RHSA-2012-0441.html
http://rhn.redhat.com/errata/RHSA-2012-0519.html
http://rhn.redhat.com/errata/RHSA-2012-1056.html
http://rhn.redhat.com/errata/RHSA-2012-1057.html
http://rhn.redhat.com/errata/RHSA-2012-1058.html
http://rhn.redhat.com/errata/RHSA-2012-1059.html
http://rhn.redhat.com/errata/RHSA-2012-1125.html
http://rhn.redhat.com/errata/RHSA-2014-0371.html
http://rhn.redhat.com/errata/RHSA-2014-0372.html
http://secunia.com/advisories/47832
http://secunia.com/advisories/50084
http://secunia.com/advisories/57716
http://secunia.com/advisories/57719
http://www.osvdb.org/78680
http://www.securityfocus.com/bid/51766
https://bugzilla.redhat.com/show_bug.cgi?id=785631
https://exchange.xforce.ibmcloud.com/vulnerabilities/72808
https://issues.jboss.org/browse/RESTEASY-647
https://issues.jboss.org/browse/RESTEASY/fixforversion/12318708
https://nvd.nist.gov/vuln/detail/CVE-2011-5245
https://www.cve.org/CVERecord?id=CVE-2011-5245

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-01-19T00:00:00", "descriptions": [{"lang": "en", "value": "The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding (JAXB) input, aka an XML external entity (XXE) injection attack, a similar vulnerability to CVE-2012-0818."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=785631"}, {"name": "78680", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/78680"}, {"name": "RHSA-2012:1059", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1059.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://issues.jboss.org/browse/RESTEASY-647"}, {"name": "RHSA-2012:1056", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1056.html"}, {"name": "RHSA-2012:1058", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1058.html"}, {"name": "51766", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/51766"}, {"name": "RHSA-2012:0519", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2012-0519.html"}, {"name": "50084", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/50084"}, {"name": "RHSA-2014:0371", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0371.html"}, {"name": "RHSA-2012:1057", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1057.html"}, {"name": "resteasy-xml-info-disclosure(72808)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72808"}, {"name": "RHSA-2012:0441", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2012-0441.html"}, {"name": "47832", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/47832"}, {"name": "57719", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/57719"}, {"name": "57716", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/57716"}, {"name": "RHSA-2014:0372", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0372.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://issues.jboss.org/browse/RESTEASY/fixforversion/12318708"}, {"name": "RHSA-2012:1125", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1125.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-5245", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding (JAXB) input, aka an XML external entity (XXE) injection attack, a similar vulnerability to CVE-2012-0818."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=785631", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=785631"}, {"name": "78680", "refsource": "OSVDB", "url": "http://www.osvdb.org/78680"}, {"name": "RHSA-2012:1059", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1059.html"}, {"name": "https://issues.jboss.org/browse/RESTEASY-647", "refsource": "CONFIRM", "url": "https://issues.jboss.org/browse/RESTEASY-647"}, {"name": "RHSA-2012:1056", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1056.html"}, {"name": "RHSA-2012:1058", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1058.html"}, {"name": "51766", "refsource": "BID", "url": "http://www.securityfocus.com/bid/51766"}, {"name": "RHSA-2012:0519", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-0519.html"}, {"name": "50084", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50084"}, {"name": "RHSA-2014:0371", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0371.html"}, {"name": "RHSA-2012:1057", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1057.html"}, {"name": "resteasy-xml-info-disclosure(72808)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72808"}, {"name": "RHSA-2012:0441", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-0441.html"}, {"name": "47832", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/47832"}, {"name": "57719", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/57719"}, {"name": "57716", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/57716"}, {"name": "RHSA-2014:0372", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0372.html"}, {"name": "https://issues.jboss.org/browse/RESTEASY/fixforversion/12318708", "refsource": "CONFIRM", "url": "https://issues.jboss.org/browse/RESTEASY/fixforversion/12318708"}, {"name": "RHSA-2012:1125", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-1125.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:30:46.838Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=785631"}, {"name": "78680", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/78680"}, {"name": "RHSA-2012:1059", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1059.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://issues.jboss.org/browse/RESTEASY-647"}, {"name": "RHSA-2012:1056", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1056.html"}, {"name": "RHSA-2012:1058", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1058.html"}, {"name": "51766", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/51766"}, {"name": "RHSA-2012:0519", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2012-0519.html"}, {"name": "50084", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/50084"}, {"name": "RHSA-2014:0371", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0371.html"}, {"name": "RHSA-2012:1057", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1057.html"}, {"name": "resteasy-xml-info-disclosure(72808)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72808"}, {"name": "RHSA-2012:0441", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2012-0441.html"}, {"name": "47832", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/47832"}, {"name": "57719", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/57719"}, {"name": "57716", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/57716"}, {"name": "RHSA-2014:0372", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0372.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://issues.jboss.org/browse/RESTEASY/fixforversion/12318708"}, {"name": "RHSA-2012:1125", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1125.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-5245", "datePublished": "2012-11-23T20:00:00", "dateReserved": "2012-11-23T00:00:00", "dateUpdated": "2024-08-07T00:30:46.838Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2012-01-19T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding (JAXB) input, aka an XML external entity (XXE) injection attack, a similar vulnerability to CVE-2012-0818. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2017-08-28T12:57:01 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=785631 (string)

}

1 : { »

name : 78680 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_OSVDB (string)

]

url : http://www.osvdb.org/78680 (string)

}

2 : { »

name : RHSA-2012:1059 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2012-1059.html (string)

}

3 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://issues.jboss.org/browse/RESTEASY-647 (string)

}

4 : { »

name : RHSA-2012:1056 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2012-1056.html (string)

}

5 : { »

name : RHSA-2012:1058 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2012-1058.html (string)

}

6 : { »

name : 51766 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/51766 (string)

}

7 : { »

name : RHSA-2012:0519 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2012-0519.html (string)

}

8 : { »

name : 50084 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/50084 (string)

}

9 : { »

name : RHSA-2014:0371 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2014-0371.html (string)

}

10 : { »

name : RHSA-2012:1057 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2012-1057.html (string)

}

11 : { »

name : resteasy-xml-info-disclosure(72808) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/72808 (string)

}

12 : { »

name : RHSA-2012:0441 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2012-0441.html (string)

}

13 : { »

name : 47832 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/47832 (string)

}

14 : { »

name : 57719 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/57719 (string)

}

15 : { »

name : 57716 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/57716 (string)

}

16 : { »

name : RHSA-2014:0372 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2014-0372.html (string)

}

17 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://issues.jboss.org/browse/RESTEASY/fixforversion/12318708 (string)

}

18 : { »

name : RHSA-2012:1125 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2012-1125.html (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2011-5245 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding (JAXB) input, aka an XML external entity (XXE) injection attack, a similar vulnerability to CVE-2012-0818. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://bugzilla.redhat.com/show_bug.cgi?id=785631 (string)

refsource : MISC (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=785631 (string)

}

1 : { »

name : 78680 (string)

refsource : OSVDB (string)

url : http://www.osvdb.org/78680 (string)

}

2 : { »

name : RHSA-2012:1059 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2012-1059.html (string)

}

3 : { »

name : https://issues.jboss.org/browse/RESTEASY-647 (string)

refsource : CONFIRM (string)

url : https://issues.jboss.org/browse/RESTEASY-647 (string)

}

4 : { »

name : RHSA-2012:1056 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2012-1056.html (string)

}

5 : { »

name : RHSA-2012:1058 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2012-1058.html (string)

}

6 : { »

name : 51766 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/51766 (string)

}

7 : { »

name : RHSA-2012:0519 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2012-0519.html (string)

}

8 : { »

name : 50084 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/50084 (string)

}

9 : { »

name : RHSA-2014:0371 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2014-0371.html (string)

}

10 : { »

name : RHSA-2012:1057 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2012-1057.html (string)

}

11 : { »

name : resteasy-xml-info-disclosure(72808) (string)

refsource : XF (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/72808 (string)

}

12 : { »

name : RHSA-2012:0441 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2012-0441.html (string)

}

13 : { »

name : 47832 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/47832 (string)

}

14 : { »

name : 57719 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/57719 (string)

}

15 : { »

name : 57716 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/57716 (string)

}

16 : { »

name : RHSA-2014:0372 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2014-0372.html (string)

}

17 : { »

name : https://issues.jboss.org/browse/RESTEASY/fixforversion/12318708 (string)

refsource : CONFIRM (string)

url : https://issues.jboss.org/browse/RESTEASY/fixforversion/12318708 (string)

}

18 : { »

name : RHSA-2012:1125 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2012-1125.html (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-07T00:30:46.838Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=785631 (string)

}

1 : { »

name : 78680 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_OSVDB (string)

2 : x_transferred (string)

]

url : http://www.osvdb.org/78680 (string)

}

2 : { »

name : RHSA-2012:1059 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2012-1059.html (string)

}

3 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://issues.jboss.org/browse/RESTEASY-647 (string)

}

4 : { »

name : RHSA-2012:1056 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2012-1056.html (string)

}

5 : { »

name : RHSA-2012:1058 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2012-1058.html (string)

}

6 : { »

name : 51766 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/51766 (string)

}

7 : { »

name : RHSA-2012:0519 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2012-0519.html (string)

}

8 : { »

name : 50084 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/50084 (string)

}

9 : { »

name : RHSA-2014:0371 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2014-0371.html (string)

}

10 : { »

name : RHSA-2012:1057 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2012-1057.html (string)

}

11 : { »

name : resteasy-xml-info-disclosure(72808) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

2 : x_transferred (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/72808 (string)

}

12 : { »

name : RHSA-2012:0441 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2012-0441.html (string)

}

13 : { »

name : 47832 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/47832 (string)

}

14 : { »

name : 57719 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/57719 (string)

}

15 : { »

name : 57716 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/57716 (string)

}

16 : { »

name : RHSA-2014:0372 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2014-0372.html (string)

}

17 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://issues.jboss.org/browse/RESTEASY/fixforversion/12318708 (string)

}

18 : { »

name : RHSA-2012:1125 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2012-1125.html (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2011-5245 (string)

datePublished : 2012-11-23T20:00:00 (string)

dateReserved : 2012-11-23T00:00:00 (string)

dateUpdated : 2024-08-07T00:30:46.838Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:resteasy:*:*:*:*:*:*:*:*", "matchCriteriaId": "044CA736-E165-476F-B9AF-1179A578FE8D", "versionEndIncluding": "2.3.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:resteasy:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "02480F00-302E-49DA-9FF3-41DC8A5A5E39", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:resteasy:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "59E0CE57-59C4-485C-87DB-CD5E3EDFBFC6", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:resteasy:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D332D87E-6270-4DC6-8EC2-8053890DA545", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:resteasy:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "D0A15B5C-0538-4C1E-99FC-E4620D4157BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:resteasy:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "AC38C8FE-62D3-4FC6-8BF0-6437A1FC9F26", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:resteasy:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B945333E-1B4E-4B60-B060-1186B8AC2527", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:resteasy:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "F75F5EC0-639A-40D3-871D-1FA38BF1A37E", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:resteasy:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "22F557EA-05E8-4773-BB81-C0EBFE89C61F", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:resteasy:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "6EB842B8-6D95-484F-AE07-9C97BFD161D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:resteasy:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FC3D6E8C-E691-404C-9647-3ABFBF66FCDD", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:resteasy:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "715FCD38-C218-45AB-824A-0EA7908BA951", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:resteasy:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "45635C9A-7AA2-42E0-95CC-C1DEC0AF60BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:resteasy:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "8F0BAABB-B49A-4FDC-BD2E-C9C2E9560649", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding (JAXB) input, aka an XML external entity (XXE) injection attack, a similar vulnerability to CVE-2012-0818."}, {"lang": "es", "value": "La funci\u00f3n ReadFrom en providers.jaxb.JAXBXmlTypeProvider en RESTEasy anterior a v2.3.2 permite a atacantes remotos leer archivos de su elecci\u00f3n a trav\u00e9s de una referencia de entidad externa en una entrada Java Architecture for XML Binding (JAXB), tambi\u00e9n conocido como ataque de inyecci\u00f3n XML de entidad externa (XXE), una vulnerabilidad CVE-similar a 2.012-0.818."}], "id": "CVE-2011-5245", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-11-23T20:55:02.163", "references": [{"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2012-0441.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2012-0519.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2012-1056.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2012-1057.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2012-1058.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2012-1059.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2012-1125.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2014-0371.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2014-0372.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/47832"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/50084"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/57716"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/57719"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/78680"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/51766"}, {"source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=785631"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72808"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://issues.jboss.org/browse/RESTEASY-647"}, {"source": "cve@mitre.org", "url": "https://issues.jboss.org/browse/RESTEASY/fixforversion/12318708"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-0441.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-0519.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-1056.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-1057.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-1058.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-1059.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-1125.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2014-0371.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2014-0372.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/47832"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/50084"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/57716"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/57719"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/78680"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/51766"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=785631"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72808"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://issues.jboss.org/browse/RESTEASY-647"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.jboss.org/browse/RESTEASY/fixforversion/12318708"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:redhat:resteasy:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 044CA736-E165-476F-B9AF-1179A578FE8D (string)

versionEndIncluding : 2.3.1 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:redhat:resteasy:1.0.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 02480F00-302E-49DA-9FF3-41DC8A5A5E39 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:redhat:resteasy:1.0.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 59E0CE57-59C4-485C-87DB-CD5E3EDFBFC6 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:redhat:resteasy:1.0.2:*:*:*:*:*:*:* (string)

matchCriteriaId : D332D87E-6270-4DC6-8EC2-8053890DA545 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:redhat:resteasy:1.1:*:*:*:*:*:*:* (string)

matchCriteriaId : D0A15B5C-0538-4C1E-99FC-E4620D4157BD (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:redhat:resteasy:1.2:*:*:*:*:*:*:* (string)

matchCriteriaId : AC38C8FE-62D3-4FC6-8BF0-6437A1FC9F26 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:redhat:resteasy:2.0.0:*:*:*:*:*:*:* (string)

matchCriteriaId : B945333E-1B4E-4B60-B060-1186B8AC2527 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:redhat:resteasy:2.0.1:*:*:*:*:*:*:* (string)

matchCriteriaId : F75F5EC0-639A-40D3-871D-1FA38BF1A37E (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:redhat:resteasy:2.1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 22F557EA-05E8-4773-BB81-C0EBFE89C61F (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:redhat:resteasy:2.2.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 6EB842B8-6D95-484F-AE07-9C97BFD161D8 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:redhat:resteasy:2.2.1:*:*:*:*:*:*:* (string)

matchCriteriaId : FC3D6E8C-E691-404C-9647-3ABFBF66FCDD (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:redhat:resteasy:2.2.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 715FCD38-C218-45AB-824A-0EA7908BA951 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:redhat:resteasy:2.2.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 45635C9A-7AA2-42E0-95CC-C1DEC0AF60BC (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:redhat:resteasy:2.3.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 8F0BAABB-B49A-4FDC-BD2E-C9C2E9560649 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding (JAXB) input, aka an XML external entity (XXE) injection attack, a similar vulnerability to CVE-2012-0818. (string)

}

1 : { »

lang : es (string)

value : La función ReadFrom en providers.jaxb.JAXBXmlTypeProvider en RESTEasy anterior a v2.3.2 permite a atacantes remotos leer archivos de su elección a través de una referencia de entidad externa en una entrada Java Architecture for XML Binding (JAXB), también conocido como ataque de inyección XML de entidad externa (XXE), una vulnerabilidad CVE-similar a 2.012-0.818. (string)

}

]

id : CVE-2011-5245 (string)

lastModified : 2025-04-11T00:51:21.963 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:N/C:P/I:N/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

}

published : 2012-11-23T20:55:02.163 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

url : http://rhn.redhat.com/errata/RHSA-2012-0441.html (string)

}

1 : { »

source : cve@mitre.org (string)

url : http://rhn.redhat.com/errata/RHSA-2012-0519.html (string)

}

2 : { »

source : cve@mitre.org (string)

url : http://rhn.redhat.com/errata/RHSA-2012-1056.html (string)

}

3 : { »

source : cve@mitre.org (string)

url : http://rhn.redhat.com/errata/RHSA-2012-1057.html (string)

}

4 : { »

source : cve@mitre.org (string)

url : http://rhn.redhat.com/errata/RHSA-2012-1058.html (string)

}

5 : { »

source : cve@mitre.org (string)

url : http://rhn.redhat.com/errata/RHSA-2012-1059.html (string)

}

6 : { »

source : cve@mitre.org (string)

url : http://rhn.redhat.com/errata/RHSA-2012-1125.html (string)

}

7 : { »

source : cve@mitre.org (string)

url : http://rhn.redhat.com/errata/RHSA-2014-0371.html (string)

}

8 : { »

source : cve@mitre.org (string)

url : http://rhn.redhat.com/errata/RHSA-2014-0372.html (string)

}

9 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://secunia.com/advisories/47832 (string)

}

10 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://secunia.com/advisories/50084 (string)

}

11 : { »

source : cve@mitre.org (string)

url : http://secunia.com/advisories/57716 (string)

}

12 : { »

source : cve@mitre.org (string)

url : http://secunia.com/advisories/57719 (string)

}

13 : { »

source : cve@mitre.org (string)

url : http://www.osvdb.org/78680 (string)

}

14 : { »

source : cve@mitre.org (string)

url : http://www.securityfocus.com/bid/51766 (string)

}

15 : { »

source : cve@mitre.org (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=785631 (string)

}

16 : { »

source : cve@mitre.org (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/72808 (string)

}

17 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Patch (string)

]

url : https://issues.jboss.org/browse/RESTEASY-647 (string)

}

18 : { »

source : cve@mitre.org (string)

url : https://issues.jboss.org/browse/RESTEASY/fixforversion/12318708 (string)

}

19 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://rhn.redhat.com/errata/RHSA-2012-0441.html (string)

}

20 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://rhn.redhat.com/errata/RHSA-2012-0519.html (string)

}

21 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://rhn.redhat.com/errata/RHSA-2012-1056.html (string)

}

22 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://rhn.redhat.com/errata/RHSA-2012-1057.html (string)

}

23 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://rhn.redhat.com/errata/RHSA-2012-1058.html (string)

}

24 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://rhn.redhat.com/errata/RHSA-2012-1059.html (string)

}

25 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://rhn.redhat.com/errata/RHSA-2012-1125.html (string)

}

26 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://rhn.redhat.com/errata/RHSA-2014-0371.html (string)

}

27 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://rhn.redhat.com/errata/RHSA-2014-0372.html (string)

}

28 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://secunia.com/advisories/47832 (string)

}

29 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://secunia.com/advisories/50084 (string)

}

30 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://secunia.com/advisories/57716 (string)

}

31 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://secunia.com/advisories/57719 (string)

}

32 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.osvdb.org/78680 (string)

}

33 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securityfocus.com/bid/51766 (string)

}

34 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=785631 (string)

}

35 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/72808 (string)

}

36 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://issues.jboss.org/browse/RESTEASY-647 (string)

}

37 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://issues.jboss.org/browse/RESTEASY/fixforversion/12318708 (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-200 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"affected_release": [{"advisory": "RHSA-2012:1058", "cpe": "cpe:/a:redhat:jboss_enterprise_web_platform:5::el5", "package": "resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el5", "product_name": "JBEWP 5 for RHEL 5", "release_date": "2012-07-05T00:00:00Z"}, {"advisory": "RHSA-2012:1058", "cpe": "cpe:/a:redhat:jboss_enterprise_web_platform:5::el6", "package": "resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el6", "product_name": "JBEWP 5 for RHEL 6", "release_date": "2012-07-05T00:00:00Z"}, {"advisory": "RHSA-2012:0441", "cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:5.2", "product_name": "JBoss Enterprise BRMS Platform 5.2", "release_date": "2012-04-02T00:00:00Z"}, {"advisory": "RHSA-2014:0371", "cpe": "cpe:/a:redhat:jboss_bpms:6.0", "package": "security", "product_name": "Red Hat JBoss BPMS 6.0", "release_date": "2014-04-03T00:00:00Z"}, {"advisory": "RHSA-2014:0372", "cpe": "cpe:/a:redhat:jboss_brms:6.0", "package": "security", "product_name": "Red Hat JBoss BRMS 6.0", "release_date": "2014-04-03T00:00:00Z"}, {"advisory": "RHSA-2012:1056", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5.1", "product_name": "Red Hat JBoss Enterprise Application Platform 5.1", "release_date": "2012-07-05T00:00:00Z"}, {"advisory": "RHSA-2012:1059", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5::el4", "package": "resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 4", "release_date": "2012-07-05T00:00:00Z"}, {"advisory": "RHSA-2012:1059", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5::el5", "package": "resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 5", "release_date": "2012-07-05T00:00:00Z"}, {"advisory": "RHSA-2012:1059", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5::el6", "package": "resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 6", "release_date": "2012-07-05T00:00:00Z"}, {"advisory": "RHSA-2012:0519", "cpe": "cpe:/a:redhat:jboss_enterprise_portal_platform:5.2", "product_name": "Red Hat JBoss Portal 5.2", "release_date": "2012-04-25T00:00:00Z"}, {"advisory": "RHSA-2012:1125", "cpe": "cpe:/a:redhat:jboss_soa_platform:5.3", "product_name": "Red Hat JBoss SOA Platform 5.3", "release_date": "2012-07-31T00:00:00Z"}, {"advisory": "RHSA-2012:1057", "cpe": "cpe:/a:redhat:jboss_enterprise_web_platform:5.1", "product_name": "Red Hat JBoss Web Platform 5.1", "release_date": "2012-07-05T00:00:00Z"}, {"advisory": "RHSA-2012:0421", "cpe": "cpe:/a:redhat:rhev_manager:3", "package": "org.ovirt.engine-root-0:3.0.3_0001-3", "product_name": "RHEV Manager version 3.0", "release_date": "2012-03-26T00:00:00Z"}], "bugzilla": {"description": "RESTEasy: XML eXternal Entity (XXE) flaw", "id": "785631", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=785631"}, "csaw": false, "cvss": {"cvss_base_score": "5.0", "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "status": "verified"}, "cwe": "CWE-611", "details": ["The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding (JAXB) input, aka an XML external entity (XXE) injection attack, a similar vulnerability to CVE-2012-0818."], "name": "CVE-2011-5245", "package_state": [{"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:5", "fix_state": "Affected", "package_name": "Security", "product_name": "Red Hat JBoss BRMS 5"}, {"cpe": "cpe:/a:redhat:jboss_data_virtualization:6", "fix_state": "Affected", "package_name": "Teiid", "product_name": "Red Hat JBoss Data Virtualization 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_soa_platform:5", "fix_state": "Affected", "package_name": "Security", "product_name": "Red Hat JBoss SOA Platform 5"}, {"cpe": "cpe:/a:redhat:storage:2.1", "fix_state": "Affected", "package_name": "resteasy", "product_name": "Red Hat Storage 2.1"}], "public_date": "2011-12-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2011-5245\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-5245"], "threat_severity": "Moderate"}

{

affected_release : [ »

0 : { »

advisory : RHSA-2012:1058 (string)

cpe : cpe:/a:redhat:jboss_enterprise_web_platform:5::el5 (string)

package : resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el5 (string)

product_name : JBEWP 5 for RHEL 5 (string)

release_date : 2012-07-05T00:00:00Z (string)

}

1 : { »

advisory : RHSA-2012:1058 (string)

cpe : cpe:/a:redhat:jboss_enterprise_web_platform:5::el6 (string)

package : resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el6 (string)

product_name : JBEWP 5 for RHEL 6 (string)

release_date : 2012-07-05T00:00:00Z (string)

}

2 : { »

advisory : RHSA-2012:0441 (string)

cpe : cpe:/a:redhat:jboss_enterprise_brms_platform:5.2 (string)

product_name : JBoss Enterprise BRMS Platform 5.2 (string)

release_date : 2012-04-02T00:00:00Z (string)

}

3 : { »

advisory : RHSA-2014:0371 (string)

cpe : cpe:/a:redhat:jboss_bpms:6.0 (string)

package : security (string)

product_name : Red Hat JBoss BPMS 6.0 (string)

release_date : 2014-04-03T00:00:00Z (string)

}

4 : { »

advisory : RHSA-2014:0372 (string)

cpe : cpe:/a:redhat:jboss_brms:6.0 (string)

package : security (string)

product_name : Red Hat JBoss BRMS 6.0 (string)

release_date : 2014-04-03T00:00:00Z (string)

}

5 : { »

advisory : RHSA-2012:1056 (string)

cpe : cpe:/a:redhat:jboss_enterprise_application_platform:5.1 (string)

product_name : Red Hat JBoss Enterprise Application Platform 5.1 (string)

release_date : 2012-07-05T00:00:00Z (string)

}

6 : { »

advisory : RHSA-2012:1059 (string)

cpe : cpe:/a:redhat:jboss_enterprise_application_platform:5::el4 (string)

package : resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el4 (string)

product_name : Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 (string)

release_date : 2012-07-05T00:00:00Z (string)

}

7 : { »

advisory : RHSA-2012:1059 (string)

cpe : cpe:/a:redhat:jboss_enterprise_application_platform:5::el5 (string)

package : resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el5 (string)

product_name : Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 (string)

release_date : 2012-07-05T00:00:00Z (string)

}

8 : { »

advisory : RHSA-2012:1059 (string)

cpe : cpe:/a:redhat:jboss_enterprise_application_platform:5::el6 (string)

package : resteasy-0:1.2.1-10.CP02_patch01.1.ep5.el6 (string)

product_name : Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 (string)

release_date : 2012-07-05T00:00:00Z (string)

}

9 : { »

advisory : RHSA-2012:0519 (string)

cpe : cpe:/a:redhat:jboss_enterprise_portal_platform:5.2 (string)

product_name : Red Hat JBoss Portal 5.2 (string)

release_date : 2012-04-25T00:00:00Z (string)

}

10 : { »

advisory : RHSA-2012:1125 (string)

cpe : cpe:/a:redhat:jboss_soa_platform:5.3 (string)

product_name : Red Hat JBoss SOA Platform 5.3 (string)

release_date : 2012-07-31T00:00:00Z (string)

}

11 : { »

advisory : RHSA-2012:1057 (string)

cpe : cpe:/a:redhat:jboss_enterprise_web_platform:5.1 (string)

product_name : Red Hat JBoss Web Platform 5.1 (string)

release_date : 2012-07-05T00:00:00Z (string)

}

12 : { »

advisory : RHSA-2012:0421 (string)

cpe : cpe:/a:redhat:rhev_manager:3 (string)

package : org.ovirt.engine-root-0:3.0.3_0001-3 (string)

product_name : RHEV Manager version 3.0 (string)

release_date : 2012-03-26T00:00:00Z (string)

}

]

bugzilla : { »

description : RESTEasy: XML eXternal Entity (XXE) flaw (string)

id : 785631 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=785631 (string)

}

csaw : false (boolean)

cvss : { »

cvss_base_score : 5.0 (string)

cvss_scoring_vector : AV:N/AC:L/Au:N/C:P/I:N/A:N (string)

status : verified (string)

}

cwe : CWE-611 (string)

details : [ »

0 : The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding (JAXB) input, aka an XML external entity (XXE) injection attack, a similar vulnerability to CVE-2012-0818. (string)

]

name : CVE-2011-5245 (string)

package_state : [ »

0 : { »

cpe : cpe:/a:redhat:jboss_enterprise_brms_platform:5 (string)

fix_state : Affected (string)

package_name : Security (string)

product_name : Red Hat JBoss BRMS 5 (string)

}

1 : { »

cpe : cpe:/a:redhat:jboss_data_virtualization:6 (string)

fix_state : Affected (string)

package_name : Teiid (string)

product_name : Red Hat JBoss Data Virtualization 6 (string)

}

2 : { »

cpe : cpe:/a:redhat:jboss_enterprise_soa_platform:5 (string)

fix_state : Affected (string)

package_name : Security (string)

product_name : Red Hat JBoss SOA Platform 5 (string)

}

3 : { »

cpe : cpe:/a:redhat:storage:2.1 (string)

fix_state : Affected (string)

package_name : resteasy (string)

product_name : Red Hat Storage 2.1 (string)

}

]

public_date : 2011-12-30T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2011-5245 https://nvd.nist.gov/vuln/detail/CVE-2011-5245 (string)

]

threat_severity : Moderate (string)

}

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object