VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-wbgc-tuj3-47by

Essentials
Severities (24)
References (17)
Severity details (14)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-wbgc-tuj3-47by
Aliases	CVE-2016-6346 GHSA-wxvr-vqfp-9cqw
Summary	Uncontrolled Resource Consumption RESTEasy enables `GZIPInterceptor`, which allows remote attackers to cause a denial of service via unspecified vectors.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (2)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6346.json
epss	0.01184	https://api.first.org/data/v1/epss?cve=CVE-2016-6346
epss	0.01184	https://api.first.org/data/v1/epss?cve=CVE-2016-6346
epss	0.01184	https://api.first.org/data/v1/epss?cve=CVE-2016-6346
epss	0.01184	https://api.first.org/data/v1/epss?cve=CVE-2016-6346
epss	0.01184	https://api.first.org/data/v1/epss?cve=CVE-2016-6346
epss	0.01184	https://api.first.org/data/v1/epss?cve=CVE-2016-6346
epss	0.01184	https://api.first.org/data/v1/epss?cve=CVE-2016-6346
epss	0.01184	https://api.first.org/data/v1/epss?cve=CVE-2016-6346
epss	0.01184	https://api.first.org/data/v1/epss?cve=CVE-2016-6346
epss	0.01184	https://api.first.org/data/v1/epss?cve=CVE-2016-6346
cvssv3.1	7.5	https://bugzilla.redhat.com/show_bug.cgi?id=1372120
generic_textual	HIGH	https://bugzilla.redhat.com/show_bug.cgi?id=1372120
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-wxvr-vqfp-9cqw
cvssv3.1	7.5	https://github.com/resteasy/Resteasy
generic_textual	HIGH	https://github.com/resteasy/Resteasy
cvssv3.1	7.5	https://github.com/resteasy/resteasy/pull/1303
generic_textual	HIGH	https://github.com/resteasy/resteasy/pull/1303
cvssv3.1	7.5	https://issues.jboss.org/browse/JBEAP-11180
generic_textual	HIGH	https://issues.jboss.org/browse/JBEAP-11180
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2016-6346
generic_textual	HIGH	https://nvd.nist.gov/vuln/detail/CVE-2016-6346
cvssv3.1	7.5	http://www.securityfocus.com/bid/92744
generic_textual	HIGH	http://www.securityfocus.com/bid/92744

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6346.json
		https://api.first.org/data/v1/epss?cve=CVE-2016-6346
		https://bugzilla.redhat.com/show_bug.cgi?id=1372120
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6346
		https://github.com/resteasy/Resteasy
		https://github.com/resteasy/resteasy/pull/1303
		https://issues.jboss.org/browse/JBEAP-11180
		http://www.securityfocus.com/bid/92744
837170		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837170
CVE-2016-6346		https://nvd.nist.gov/vuln/detail/CVE-2016-6346
GHSA-wxvr-vqfp-9cqw		https://github.com/advisories/GHSA-wxvr-vqfp-9cqw
RHSA-2017:0517		https://access.redhat.com/errata/RHSA-2017:0517
RHSA-2017:0826		https://access.redhat.com/errata/RHSA-2017:0826
RHSA-2017:0827		https://access.redhat.com/errata/RHSA-2017:0827
RHSA-2017:0828		https://access.redhat.com/errata/RHSA-2017:0828
RHSA-2017:0829		https://access.redhat.com/errata/RHSA-2017:0829
USN-7630-1		https://usn.ubuntu.com/7630-1/

No exploits are available.

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6346.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=1372120

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/resteasy/Resteasy

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/resteasy/resteasy/pull/1303

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://issues.jboss.org/browse/JBEAP-11180

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2016-6346

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://www.securityfocus.com/bid/92744

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.78724
EPSS Score	0.01184
Published At	April 1, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T12:47:05.947382+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jboss.resteasy/resteasy-jaxrs/CVE-2016-6346.yml	38.0.0