Candidate: CVE-2016-7050
PublicDate: 2017-06-08 19:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7050
Description:
 SerializableProvider in RESTEasy in Red Hat Enterprise Linux Desktop 7, Red
 Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red
 Hat Enterprise Linux Workstation 7 allows remote attackers to execute
 arbitrary code.
Ubuntu-Description:
Notes:
 ebarretto> The SerializableProvider has been disabled by default in 3.0.17
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_resteasy:
upstream_resteasy: needs-triage
precise_resteasy: DNE
precise/esm_resteasy: DNE
trusty_resteasy: DNE
trusty/esm_resteasy: DNE
vivid/stable-phone-overlay_resteasy: DNE
vivid/ubuntu-core_resteasy: DNE
xenial_resteasy: ignored (end of standard support, was needed)
yakkety_resteasy: ignored (reached end-of-life)
zesty_resteasy: ignored (reached end-of-life)
artful_resteasy: ignored (reached end-of-life)
bionic_resteasy: DNE
cosmic_resteasy: DNE
disco_resteasy: not-affected (3.0.17)
eoan_resteasy: not-affected (3.0.17)
focal_resteasy: not-affected (3.0.17)
groovy_resteasy: not-affected (3.0.17)
hirsute_resteasy: not-affected (3.0.17)
impish_resteasy: not-affected (3.0.17)
jammy_resteasy: not-affected (3.0.17)
devel_resteasy: not-affected (3.0.17)