Package details: pkg:rpm/redhat/eap7-resteasy@3.0.19-5.SP3_redhat_1.1.ep7?arch=el7
purl pkg:rpm/redhat/eap7-resteasy@3.0.19-5.SP3_redhat_1.1.ep7?arch=el7
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.0
Vulnerabilities affecting this package (4)
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-77xn-dtdn-hfa2 (Aliases: CVE-2017-2666, GHSA-mcfm-h73v-635m) | Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling): It was discovered in Undertow that the code that parses the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own. | There are no reported fixed by versions. |
| VCID-9zut-79gt-1bgy (Aliases: CVE-2017-2670, GHSA-3x7h-5hfr-hvjm) | It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS. | There are no reported fixed by versions. |
| VCID-jtbq-4rr9-vud6 (Aliases: CVE-2017-2595) | wildfly: Arbitrary file read via path traversal | There are no reported fixed by versions. |
| VCID-p3uc-ee2b-fff5 (Aliases: CVE-2016-9606, GHSA-hgjr-xwj3-jfvw) | Improper Input Validation: JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions. | There are no reported fixed by versions. |
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T14:32:59.128845+00:00 | RedHat Importer | Affected by | VCID-p3uc-ee2b-fff5 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9606.json | 38.0.0 |
| 2026-04-01T14:30:42.711110+00:00 | RedHat Importer | Affected by | VCID-9zut-79gt-1bgy | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2670.json | 38.0.0 |
| 2026-04-01T14:30:34.454804+00:00 | RedHat Importer | Affected by | VCID-77xn-dtdn-hfa2 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2666.json | 38.0.0 |
| 2026-04-01T14:30:25.935868+00:00 | RedHat Importer | Affected by | VCID-jtbq-4rr9-vud6 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2595.json | 38.0.0 |