Red Hat Security Blog: October 2017 archives

  • Abuse of RESTEasy Default Providers in JBoss EAP

    Red Hat JBoss Enterprise Application Platform (EAP) is a commonly used host for Restful webservices. A powerful but potentially dangerous feature of Restful webservices on JBoss EAP is the ability to accept any media type. If not configured to accept only a specific media type, JBoss EAP will dynamically process the request with the default provider matching the Content-Type HTTP Header which the client specifies. Some of the default providers where found to have vulnerabilities which have now...
    Posted 2017-10-18T13:30:00+00:00 - 0
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.