{ "threat_severity" : "Low", "public_date" : "2021-03-03T00:00:00Z", "bugzilla" : { "description" : "resteasy: Error message exposes endpoint class information", "id" : "1935927", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1935927" }, "cvss3" : { "cvss3_base_score" : "5.3", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "status" : "verified" }, "cwe" : "CWE-209", "details" : [ "A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality.", "A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality." ], "acknowledgement" : "Red Hat would like to thank Dirk Papenberg (NTT DATA Germany) for reporting this issue.", "affected_release" : [ { "product_name" : "EAP 7.3.10 GA", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5154", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3", "package" : "resteasy-jaxrs" }, { "product_name" : "Red Hat AMQ 7.9.0", "release_date" : "2021-09-30T00:00:00Z", "advisory" : "RHSA-2021:3700", "cpe" : "cpe:/a:redhat:amq_broker:7", "package" : "resteasy-jaxrs" }, { "product_name" : "Red Hat build of Quarkus 2.2.3", "release_date" : "2021-10-20T00:00:00Z", "advisory" : "RHSA-2021:3880", "cpe" : "cpe:/a:redhat:openshift_application_runtimes:1.0", "package" : "resteasy-core" }, { "product_name" : "Red Hat EAP-XP 2 via EAP 7.3.x base", "release_date" : "2022-01-17T00:00:00Z", "advisory" : "RHSA-2022:0146", "cpe" : "cpe:/a:redhat:jbosseapxp", "package" : "resteasy-jaxrs" }, { "product_name" : "Red Hat Integration Camel Quarkus 2", "release_date" : "2021-11-23T00:00:00Z", "advisory" : "RHSA-2021:4767", "cpe" : "cpe:/a:redhat:camel_quarkus:2.2" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7", "release_date" : "2021-11-15T00:00:00Z", "advisory" : "RHSA-2021:4679", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", "package" : "resteasy-jaxrs" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5149", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5149", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-ironjacamar-0:1.5.3-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5149", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5149", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5149", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-jboss-server-migration-0:1.7.2-10.Final_redhat_00011.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5149", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-jsoup-0:1.14.2-1.redhat_00002.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5149", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-resteasy-0:3.11.5-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5149", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-undertow-0:2.0.41-1.SP1_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5149", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-wildfly-0:7.3.10-2.GA_redhat_00003.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5149", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-wildfly-elytron-0:1.10.15-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5149", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-wss4j-0:2.2.7-1.redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5149", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-xml-security-0:2.1.7-1.redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5150", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5150", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-ironjacamar-0:1.5.3-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5150", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5150", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5150", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-jboss-server-migration-0:1.7.2-10.Final_redhat_00011.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5150", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-jsoup-0:1.14.2-1.redhat_00002.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5150", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-resteasy-0:3.11.5-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5150", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-undertow-0:2.0.41-1.SP1_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5150", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-wildfly-0:7.3.10-2.GA_redhat_00003.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5150", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-wildfly-elytron-0:1.10.15-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5150", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-wss4j-0:2.2.7-1.redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5150", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-xml-security-0:2.1.7-1.redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5151", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-apache-cxf-0:3.3.12-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5151", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-ironjacamar-0:1.5.3-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5151", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-jakarta-el-0:3.0.3-3.redhat_00007.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5151", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-jboss-ejb-client-0:4.0.43-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5151", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-jboss-server-migration-0:1.7.2-10.Final_redhat_00011.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5151", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-jsoup-0:1.14.2-1.redhat_00002.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5151", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-resteasy-0:3.11.5-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5151", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-undertow-0:2.0.41-1.SP1_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5151", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-wildfly-0:7.3.10-2.GA_redhat_00003.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5151", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-wildfly-elytron-0:1.10.15-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5151", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-wss4j-0:2.2.7-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5151", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-xml-security-0:2.1.7-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2021-11-15T00:00:00Z", "advisory" : "RHSA-2021:4677", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2021-11-15T00:00:00Z", "advisory" : "RHSA-2021:4676", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-resteasy-0:3.15.2-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat Single Sign-On 7.4.10", "release_date" : "2021-12-15T00:00:00Z", "advisory" : "RHSA-2021:5170", "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7" }, { "product_name" : "Red Hat Single Sign-On 7.5 for RHEL 7", "release_date" : "2022-01-17T00:00:00Z", "advisory" : "RHSA-2022:0151", "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7.5::el7", "package" : "rh-sso7-keycloak-0:15.0.4-1.redhat_00001.1.el7sso" }, { "product_name" : "Red Hat Single Sign-On 7.5 for RHEL 8", "release_date" : "2022-01-17T00:00:00Z", "advisory" : "RHSA-2022:0152", "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7.5::el8", "package" : "rh-sso7-keycloak-0:15.0.4-1.redhat_00001.1.el8sso" }, { "product_name" : "Red Hat Support for Spring Boot 2.5.10", "release_date" : "2022-04-12T00:00:00Z", "advisory" : "RHSA-2022:1179", "cpe" : "cpe:/a:redhat:openshift_application_runtimes:1.0", "package" : "resteasy-jaxrs" }, { "product_name" : "RHAF Camel-K 1.8", "release_date" : "2022-09-09T00:00:00Z", "advisory" : "RHSA-2022:6407", "cpe" : "cpe:/a:redhat:integration:1", "package" : "resteasy-core" }, { "product_name" : "RHEL-8 based Middleware Containers", "release_date" : "2022-01-18T00:00:00Z", "advisory" : "RHSA-2022:0164", "cpe" : "cpe:/a:redhat:rhosemc:1.0::el8", "package" : "rh-sso-7/sso75-openshift-rhel8:7.5-15" }, { "product_name" : "RHINT Service Registry 2.0.2 GA", "release_date" : "2021-11-02T00:00:00Z", "advisory" : "RHSA-2021:4100", "cpe" : "cpe:/a:redhat:integration:1", "package" : "resteasy-core" }, { "product_name" : "RHSSO 7.5.1", "release_date" : "2022-01-17T00:00:00Z", "advisory" : "RHSA-2022:0155", "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7", "package" : "resteasy-jaxrs" } ], "package_state" : [ { "product_name" : "Red Hat BPM Suite 6", "fix_state" : "Out of support scope", "package_name" : "resteasy-jaxrs", "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform" }, { "product_name" : "Red Hat Decision Manager 7", "fix_state" : "Not affected", "package_name" : "resteasy-jaxrs", "cpe" : "cpe:/a:redhat:jboss_enterprise_brms_platform:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "resteasy-base", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "pki-deps:10.6/resteasy", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "resteasy", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Fuse 7", "fix_state" : "Affected", "package_name" : "resteasy-core", "cpe" : "cpe:/a:redhat:jboss_fuse:7" }, { "product_name" : "Red Hat Integration Camel K 1", "fix_state" : "Affected", "package_name" : "resteasy-core", "cpe" : "cpe:/a:redhat:integration:1" }, { "product_name" : "Red Hat Integration Camel Quarkus 1", "fix_state" : "Not affected", "package_name" : "resteasy-core", "cpe" : "cpe:/a:redhat:camel_quarkus:2", "impact" : "low" }, { "product_name" : "Red Hat JBoss BRMS 5", "fix_state" : "Out of support scope", "package_name" : "resteasy-jaxrs", "cpe" : "cpe:/a:redhat:jboss_enterprise_brms_platform:5" }, { "product_name" : "Red Hat JBoss BRMS 6", "fix_state" : "Out of support scope", "package_name" : "resteasy-jaxrs", "cpe" : "cpe:/a:redhat:jboss_enterprise_brms_platform:6" }, { "product_name" : "Red Hat JBoss Data Grid 7", "fix_state" : "Out of support scope", "package_name" : "resteasy-jaxrs", "cpe" : "cpe:/a:redhat:jboss_data_grid:7" }, { "product_name" : "Red Hat JBoss Data Virtualization 6", "fix_state" : "Out of support scope", "package_name" : "resteasy-jaxrs", "cpe" : "cpe:/a:redhat:jboss_data_virtualization:6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6", "fix_state" : "Out of support scope", "package_name" : "resteasy-jaxrs", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6" }, { "product_name" : "Red Hat JBoss Fuse 6", "fix_state" : "Out of support scope", "package_name" : "resteasy-jaxrs", "cpe" : "cpe:/a:redhat:jboss_fuse:6" }, { "product_name" : "Red Hat JBoss Fuse Service Works 6", "fix_state" : "Out of support scope", "package_name" : "resteasy-jaxrs", "cpe" : "cpe:/a:redhat:jboss_fuse_service_works:6" }, { "product_name" : "Red Hat JBoss Operations Network 3", "fix_state" : "Out of support scope", "package_name" : "resteasy-jaxrs", "cpe" : "cpe:/a:redhat:jboss_operations_network:3" }, { "product_name" : "Red Hat OpenShift Application Runtimes", "fix_state" : "Out of support scope", "package_name" : "resteasy-jaxrs", "cpe" : "cpe:/a:redhat:openshift_application_runtimes:1.0" }, { "product_name" : "Red Hat Process Automation 7", "fix_state" : "Not affected", "package_name" : "resteasy-jaxrs", "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" }, { "product_name" : "Red Hat Satellite 6", "fix_state" : "Fix deferred", "package_name" : "candlepin", "cpe" : "cpe:/a:redhat:satellite:6" }, { "product_name" : "Red Hat support for Spring Boot", "fix_state" : "Affected", "package_name" : "resteasy-jaxrs", "cpe" : "cpe:/a:redhat:openshift_application_runtimes:1.0" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2021-20289\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-20289" ], "name" : "CVE-2021-20289", "csaw" : false }