IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1, when JAX-RS is used, does not properly validate requests, which allows remote attackers to gain privileges via unspecified vectors.
https://exchange.xforce.ibmcloud.com/vulnerabilities/79539
http://www.securityfocus.com/bid/56460