[Bug 1372120] New: CVE-2016-6346 RESTEasy: Abuse of GZIPInterceptor in RESTEasy can lead to denial of service attack
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1372120
Bug ID: 1372120
Summary: CVE-2016-6346 RESTEasy: Abuse of GZIPInterceptor in RESTEasy can lead to denial of service attack
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: jshepherd(a)redhat.com
CC: aileenc(a)redhat.com, alazarot(a)redhat.com,
alee(a)redhat.com, aszczucz(a)redhat.com,
bazulay(a)redhat.com, bbaranow(a)redhat.com,
bdawidow(a)redhat.com, bkearney(a)redhat.com,
bmaxwell(a)redhat.com, bmcclain(a)redhat.com,
cbillett(a)redhat.com, cdewolf(a)redhat.com,
chazlett(a)redhat.com, csutherl(a)redhat.com,
dandread(a)redhat.com, darran.lofthouse(a)redhat.com,
dblechte(a)redhat.com, dosoudil(a)redhat.com,
eedri(a)redhat.com, epp-bugs(a)redhat.com,
etirelli(a)redhat.com, felias(a)redhat.com,
fnasser(a)redhat.com, gklein(a)redhat.com,
gvarsami(a)redhat.com, hchiorea(a)redhat.com,
hfnukal(a)redhat.com, huwang(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jawilson(a)redhat.com, jboss-set(a)redhat.com,
jbpapp-maint(a)redhat.com, jcoleman(a)redhat.com,
jdg-bugs(a)redhat.com, jmatthew(a)redhat.com,
jolee(a)redhat.com, jpallich(a)redhat.com,
jshepherd(a)redhat.com, katello-bugs(a)redhat.com,
kconner(a)redhat.com, kseifried(a)redhat.com,
kverlaen(a)redhat.com, ldimaggi(a)redhat.com,
lgao(a)redhat.com, lpetrovi(a)redhat.com,
lsurette(a)redhat.com, mbaluch(a)redhat.com,
mgoldboi(a)redhat.com, mgoldman(a)redhat.com,
miburman(a)redhat.com, michal.skrivanek(a)redhat.com,
mmccune(a)redhat.com, mweiler(a)redhat.com,
mwinkler(a)redhat.com, myarboro(a)redhat.com,
nwallace(a)redhat.com, ohadlevy(a)redhat.com,
oourfali(a)redhat.com, pavelp(a)redhat.com,
pgier(a)redhat.com, pkliczew(a)redhat.com,
psakar(a)redhat.com, pslavice(a)redhat.com,
puntogil(a)libero.it, rcernich(a)redhat.com,
Rhev-m-bugs(a)redhat.com, rnetuka(a)redhat.com,
rrajasek(a)redhat.com, rsvoboda(a)redhat.com,
rwagner(a)redhat.com, rzhang(a)redhat.com,
satellite6-bugs(a)redhat.com, sherold(a)redhat.com,
soa-p-jira(a)post-office.corp.redhat.com,
spinder(a)redhat.com, tcunning(a)redhat.com,
theute(a)redhat.com, tjay(a)redhat.com, tkirby(a)redhat.com,
tlestach(a)redhat.com, tomckay(a)redhat.com,
tsanders(a)redhat.com, ttarrant(a)redhat.com,
twalsh(a)redhat.com, vhalbert(a)redhat.com,
vtunka(a)redhat.com, weli(a)redhat.com, ydary(a)redhat.com,
ykaul(a)redhat.com
It was found that GZIPInterceptor is enabled when not necessarily required in
RESTEasy. An attacker could use this flaw to launch a Denial of Service attack.
--
You are receiving this mail because:
You are on the CC list for the bug.
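The bug report above says only that the GZIP interceptor was switched on where it was not needed and that this enables a denial of service; it does not spell out the mechanism. The example below is added here and is not RESTEasy code. It assumes the standard way an always-on gzip request decoder is abused: the client sends a body that is a few KiB on the wire but inflates to many MiB (a decompression bomb), and a decoder with no output ceiling allocates the whole thing. The defence shown is an incremental decoder that stops as soon as the inflated size crosses a fixed limit; the 1 MiB ceiling, the 16 MiB constructed bomb and all function names are assumptions for illustration. The other half of the remedy implied by the report, registering the decoder only on endpoints that actually accept compressed bodies, is a wiring decision and is represented here only by the Content-Encoding check in decode_request_body.

```python
"""Bounded gzip request decoding (added example; not RESTEasy code).

A gzip request decoder that inflates whatever the client sends, with no
output ceiling, lets a client exhaust server memory with a body that is tiny
on the wire but enormous once decompressed.  The fix is to inflate
incrementally and fail as soon as the output exceeds a fixed limit.
"""
import gzip
import zlib

PLAIN_SIZE = 16 * 1024 * 1024      # assumed bomb size once inflated (16 MiB)
DEFAULT_MAX_OUTPUT = 1024 * 1024   # assumed per-request inflate ceiling (1 MiB)


class DecompressionLimitExceeded(ValueError):
    """Raised when a gzip body would inflate past the configured ceiling."""


def make_bomb(plain_size: int = PLAIN_SIZE) -> bytes:
    """Constructed test payload: highly compressible zeros, gzip-encoded."""
    return gzip.compress(b"\0" * plain_size)


def gunzip_naive(data: bytes) -> bytes:
    """The unsafe pattern: inflate the whole body into memory, no ceiling."""
    return gzip.decompress(data)


def gunzip_bounded(data: bytes, max_output: int = DEFAULT_MAX_OUTPUT) -> bytes:
    """Inflate a gzip body, failing fast once output exceeds max_output.

    zlib's max_length argument caps how much each call may produce; input it
    did not get to is left in unconsumed_tail and fed back in.  Peak memory is
    therefore bounded by max_output, not by the attacker's chosen size.
    """
    decoder = zlib.decompressobj(wbits=16 + zlib.MAX_WBITS)  # gzip framing
    out = bytearray()
    pending = data
    while pending and not decoder.eof:
        # Allow one byte beyond the remaining budget so crossing the limit
        # is observable without inflating the rest of the body.
        budget = max_output - len(out) + 1
        produced = decoder.decompress(pending, budget)
        out += produced
        if len(out) > max_output:
            raise DecompressionLimitExceeded(
                f"gzip body inflates past {max_output} bytes")
        if not produced and decoder.unconsumed_tail == pending:
            break  # no progress possible: stream is truncated or corrupt
        pending = decoder.unconsumed_tail
    if not decoder.eof:
        raise ValueError("truncated or corrupt gzip stream")
    return bytes(out)


def classify_gzip_body(data: bytes, max_output: int = DEFAULT_MAX_OUTPUT) -> str:
    """Label a body for logging or tests: 'ok', 'too-large' or 'malformed'."""
    try:
        gunzip_bounded(data, max_output)
    except DecompressionLimitExceeded:
        return "too-large"
    except (ValueError, zlib.error):
        return "malformed"
    return "ok"


def decode_request_body(headers: dict, body: bytes,
                        max_output: int = DEFAULT_MAX_OUTPUT) -> bytes:
    """Interceptor-style entry point: inflate only when the client asked for it."""
    encoding = headers.get("Content-Encoding", "").strip().lower()
    if encoding == "gzip":
        return gunzip_bounded(body, max_output)
    if encoding in ("", "identity"):
        return body
    raise ValueError(f"unsupported Content-Encoding: {encoding!r}")


if __name__ == "__main__":
    bomb = make_bomb()
    print(f"bomb: {len(bomb)} bytes on the wire, {PLAIN_SIZE} bytes inflated")
    print("naive decoder inflated", len(gunzip_naive(bomb)), "bytes")
    print("bounded decoder verdict:", classify_gzip_body(bomb))
```

The bounded decoder rejects the constructed bomb after inflating just over the 1 MiB budget, while the naive decoder allocates the full 16 MiB; with a real bomb the attacker picks the inflated size, so the unbounded path is the denial of service. Checking the gzip trailer (decoder.eof) also turns a truncated body into an error instead of a silently shortened payload.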
[Bug 1632462] CVE-2018-11761 tika: XML entity expansion vulnerability due to lack of limit configuration
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1632462
Cedric Buissart <cbuissar(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard (Removed):
impact=moderate,public=20180919,reported=20180919,source=cve,cvss3=7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,cwe=CWE-776,fedora-all/tika=affected,rhscl-3/rh-eclipse46-tika=affected,fis-2/tika-core=new,fuse-7/camel-tika=new,fsw-6/tika-core=new,brms-5/tika-core=new,brms-6/tika-core=new,bpms-6/tika-core=new,jdv-6/tika-core=new,rhn_satellite_5/tika=wontfix/impact=low
Whiteboard (Added):
impact=moderate,public=20180919,reported=20180919,source=cve,cvss3=7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,cwe=CWE-776,fedora-all/tika=affected,rhscl-3/rh-eclipse46-tika=wontfix,fis-2/tika-core=new,fuse-7/camel-tika=new,fsw-6/tika-core=new,brms-5/tika-core=new,brms-6/tika-core=new,bpms-6/tika-core=new,jdv-6/tika-core=new,rhn_satellite_5/tika=wontfix/impact=low
(The only change in this update is rhscl-3/rh-eclipse46-tika: affected -> wontfix.)
--
You are receiving this mail because:
You are on the CC list for the bug.