Arbitrary Code Execution Vulnerability in JBoss RESTEasy (CVE-2017-7504)

CVE-2016-9606 · MEDIUM Severity

AV:N/AC:M/Au:N/C:P/I:P/A:P

JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions.
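To check a build against the version boundary stated above, the following added example (not part of the original advisory or of RESTEasy) reads `mvn dependency:list` output and reports RESTEasy modules older than 3.1.2, listing the YAML provider module first. The artifact name `resteasy-yaml-provider`, the handling of pre-release qualifiers and the sample lines are assumptions made for this example.

```python
import re

FIXED = (3, 1, 2)                         # advisory: releases before 3.1.2 are affected
GROUP = "org.jboss.resteasy"
YAML_ARTIFACT = "resteasy-yaml-provider"  # assumption: module that ships YamlProvider
PRERELEASE = ("alpha", "beta", "cr", "rc", "snapshot")

def parse_version(text):
    """Split '3.0.19.Final' into ((3, 0, 19), 'final'); None if not numeric."""
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?[.-]?(.*)$", text)
    if not m:
        return None
    return tuple(int(g or 0) for g in m.group(1, 2, 3)), m.group(4).lower()

def is_affected(version):
    parsed = parse_version(version)
    if parsed is None:
        return True                       # unparseable: surface it for manual review
    nums, qualifier = parsed
    # Assumption: a pre-release of 3.1.2 itself counts as "before 3.1.2".
    return nums < FIXED or (nums == FIXED and qualifier.startswith(PRERELEASE))

def audit(lines):
    """Return (artifact, version, is_yaml_provider) for affected RESTEasy modules."""
    findings = []
    for line in lines:
        m = re.search(re.escape(GROUP) + r":\S+", line)
        if not m:
            continue
        parts = m.group(0).split(":")     # group:artifact:type[:classifier]:version:scope
        if len(parts) < 5:
            continue
        artifact, version = parts[1], parts[-2]
        if is_affected(version):
            findings.append((artifact, version, artifact == YAML_ARTIFACT))
    # YAML provider first: it is the parser the advisory names.
    return sorted(findings, key=lambda f: not f[2])

# Constructed sample input, not taken from a real project.
SAMPLE = """\
[INFO]    org.jboss.resteasy:resteasy-jaxrs:jar:3.0.19.Final:compile
[INFO]    org.jboss.resteasy:resteasy-yaml-provider:jar:3.0.19.Final:compile
[INFO]    org.jboss.resteasy:resteasy-jackson2-provider:jar:3.1.2.Final:compile
[INFO]    org.yaml:snakeyaml:jar:1.17:compile
[INFO]    org.jboss.resteasy:resteasy-client:jar:3.1.2.CR1:test
""".splitlines()

if __name__ == "__main__":
    for artifact, version, yaml_provider in audit(SAMPLE):
        print(f"{artifact} {version}" + ("  <-- YamlProvider module" if yaml_provider else ""))
```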
