Moderate severity · NVD Advisory · Published Nov 23, 2012 · Updated Apr 29, 2026
CVE-2012-0818
Description
RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity (XXE) injection attack.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.jboss.resteasy:resteasy-client (Maven) | < 2.3.1 | 2.3.1 |
Affected products
- cpe:2.3:a:redhat:resteasy:*:*:*:*:*:*:*:* (range: <=2.3.0)
- cpe:2.3:a:redhat:resteasy:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:resteasy:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:resteasy:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:resteasy:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:resteasy:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:resteasy:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:resteasy:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:resteasy:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:resteasy:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:resteasy:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:resteasy:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:resteasy:2.2.3:*:*:*:*:*:*:*
Patches
No patches discovered yet.
References
- issues.jboss.org/browse/RESTEASY-637 (nvd, Patch, WEB)
- rhn.redhat.com/errata/RHSA-2012-0441.html (nvd, Vendor Advisory, WEB)
- rhn.redhat.com/errata/RHSA-2012-0519.html (nvd, Vendor Advisory, WEB)
- rhn.redhat.com/errata/RHSA-2012-1056.html (nvd, Vendor Advisory, WEB)
- rhn.redhat.com/errata/RHSA-2012-1057.html (nvd, Vendor Advisory, WEB)
- rhn.redhat.com/errata/RHSA-2012-1058.html (nvd, Vendor Advisory, WEB)
- rhn.redhat.com/errata/RHSA-2012-1059.html (nvd, Vendor Advisory, WEB)
- rhn.redhat.com/errata/RHSA-2012-1125.html (nvd, Vendor Advisory, WEB)
- secunia.com/advisories/47818 (nvd, Vendor Advisory)
- secunia.com/advisories/47832 (nvd, Vendor Advisory)
- secunia.com/advisories/50084 (nvd, Vendor Advisory)
- github.com/advisories/GHSA-wrrh-g7h3-gqmx (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2012-0818 (ghsa, ADVISORY)
- rhn.redhat.com/errata/RHSA-2014-0371.html (nvd, WEB)
- rhn.redhat.com/errata/RHSA-2014-0372.html (nvd, WEB)
- access.redhat.com/errata/RHSA-2012:0421 (ghsa, WEB)
- access.redhat.com/errata/RHSA-2012:0441 (ghsa, WEB)
- access.redhat.com/errata/RHSA-2012:0519 (ghsa, WEB)
- access.redhat.com/errata/RHSA-2012:1056 (ghsa, WEB)
- access.redhat.com/errata/RHSA-2012:1057 (ghsa, WEB)
- access.redhat.com/errata/RHSA-2012:1058 (ghsa, WEB)
- access.redhat.com/errata/RHSA-2012:1059 (ghsa, WEB)
- access.redhat.com/errata/RHSA-2012:1125 (ghsa, WEB)
- access.redhat.com/errata/RHSA-2013:1263 (ghsa, WEB)
- access.redhat.com/errata/RHSA-2014:0371 (ghsa, WEB)
- access.redhat.com/errata/RHSA-2014:0372 (ghsa, WEB)
- access.redhat.com/security/cve/CVE-2012-0818 (ghsa, WEB)
- bugzilla.redhat.com/show_bug.cgi (nvd, WEB)
- exchange.xforce.ibmcloud.com/vulnerabilities/72808 (nvd, WEB)
- github.com/resteasy/resteasy/commit/71ace879cf92d323bfa4d3e88db0c3059109bbf6 (ghsa, WEB)
- web.archive.org/web/20200229044434/http://www.securityfocus.com/bid/51748 (ghsa, WEB)
- web.archive.org/web/20200229045254/https://www.securityfocus.com/bid/51766 (ghsa, WEB)
- secunia.com/advisories/48697 (nvd)
- secunia.com/advisories/48954 (nvd)
- secunia.com/advisories/57716 (nvd)
- secunia.com/advisories/57719 (nvd)
- www.osvdb.org/78679 (nvd)
- www.securityfocus.com/bid/51748 (nvd)
- www.securityfocus.com/bid/51766 (nvd)