CVE-2012-0818

RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity (XXE) injection attack.

🔗 References (44)

• secalert@redhathttp://rhn.redhat.com/errata/RHSA-2012-0441.html
• secalert@redhathttp://rhn.redhat.com/errata/RHSA-2012-0519.html
• secalert@redhathttp://rhn.redhat.com/errata/RHSA-2012-1056.html
• secalert@redhathttp://rhn.redhat.com/errata/RHSA-2012-1057.html
• secalert@redhathttp://rhn.redhat.com/errata/RHSA-2012-1058.html
• secalert@redhathttp://rhn.redhat.com/errata/RHSA-2012-1059.html
• secalert@redhathttp://rhn.redhat.com/errata/RHSA-2012-1125.html
• secalert@redhathttp://rhn.redhat.com/errata/RHSA-2014-0371.html
• secalert@redhathttp://rhn.redhat.com/errata/RHSA-2014-0372.html
• secalert@redhathttp://secunia.com/advisories/47818
• secalert@redhathttp://secunia.com/advisories/47832
• secalert@redhathttp://secunia.com/advisories/48697
• secalert@redhathttp://secunia.com/advisories/48954
• secalert@redhathttp://secunia.com/advisories/50084
• secalert@redhathttp://secunia.com/advisories/57716