CVE-2016-6345
medium
CVSS v3
6.5
CVSS v2
4.0
VIR risk
6.5
Description
RESTEasy allows remote authenticated users to obtain sensitive information by leveraging "insufficient use of random values" in async jobs.
Predictions
Exploit likelihood
75%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2016-6345
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | sid | fixed | 3.1.0-1 |
| debian | bookworm | fixed | 3.0.26-1 |
| debian | bullseye | fixed | 3.0.26-1 |
| debian | forky | fixed | 3.0.26-1 |
| debian | trixie | fixed | 3.0.26-1 |
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | org.jboss.resteasy:resteasy-client | <3.0.20.Final | 3.0.20.Final |
| Maven | org.jboss.resteasy:resteasy-client | >=3.1.0.Beta1,<3.1.0.CR1 | 3.1.0.CR1 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| redhat | resteasy | - | |
References
CWEs
CWE-200
Verify integrity in audit chain (admin only). AS-IS.