Moderate severity · NVD Advisory · Published Nov 23, 2012 · Updated Apr 29, 2026
CVE-2011-5245
Description
The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding (JAXB) input, aka an XML external entity (XXE) injection attack, a similar vulnerability to CVE-2012-0818.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.jboss.resteasy:resteasy-jaxb-provider (Maven) | < 2.3.2 | 2.3.2 |
Affected products
- cpe:2.3:a:redhat:resteasy:*:*:*:*:*:*:*:* (range: <=2.3.1)
- cpe:2.3:a:redhat:resteasy:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:resteasy:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:resteasy:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:resteasy:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:resteasy:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:resteasy:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:resteasy:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:resteasy:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:resteasy:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:resteasy:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:resteasy:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:resteasy:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:resteasy:2.3.0:*:*:*:*:*:*:*
Patches
No patches discovered yet.
References
- issues.jboss.org/browse/RESTEASY-647 (nvd: Patch, WEB)
- secunia.com/advisories/47832 (nvd: Vendor Advisory)
- secunia.com/advisories/50084 (nvd: Vendor Advisory)
- github.com/advisories/GHSA-g4jg-gpwv-p7wv (ghsa: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2011-5245 (ghsa: ADVISORY)
- rhn.redhat.com/errata/RHSA-2012-1056.html (nvd: WEB)
- rhn.redhat.com/errata/RHSA-2012-1058.html (nvd: WEB)
- rhn.redhat.com/errata/RHSA-2012-1059.html (nvd: WEB)
- rhn.redhat.com/errata/RHSA-2014-0371.html (nvd: WEB)
- rhn.redhat.com/errata/RHSA-2014-0372.html (nvd: WEB)
- www.osvdb.org/78680 (nvd: WEB)
- bugzilla.redhat.com/show_bug.cgi (nvd: WEB)
- exchange.xforce.ibmcloud.com/vulnerabilities/72808 (nvd: WEB)
- github.com/resteasy/resteasy/pull/34 (ghsa: WEB)
- issues.jboss.org/browse/RESTEASY/fixforversion/12318708 (nvd: WEB)
- rhn.redhat.com/errata/RHSA-2012-0441.html (nvd)
- rhn.redhat.com/errata/RHSA-2012-0519.html (nvd)
- rhn.redhat.com/errata/RHSA-2012-1057.html (nvd)
- rhn.redhat.com/errata/RHSA-2012-1125.html (nvd)
- secunia.com/advisories/57716 (nvd)
- secunia.com/advisories/57719 (nvd)
- www.securityfocus.com/bid/51766 (nvd)