exploitDog

CVE-2016-2510

Опубликовано: 07 апр. 2016

Источник: debian

Описание

BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
bsh	fixed	2.0b4-16		package

Примечания

https://github.com/beanshell/beanshell/releases/tag/2.0b6
https://github.com/beanshell/beanshell/commit/7c68fde2d6fc65e362f20863d868c112a90a9b49
https://github.com/beanshell/beanshell/commit/1ccc66bb693d4e46a34a904db8eeff07808d2ced

Связанные уязвимости

CVE-2016-2510

CVSS3: 8.1

ubuntu

почти 10 лет назад

BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler.

CVE-2016-2510

CVSS3: 7.4

redhat

почти 10 лет назад

BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler.

CVE-2016-2510

CVSS3: 8.1

nvd

почти 10 лет назад

BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler.

openSUSE-SU-2016:0788-1

suse-cvrf

почти 10 лет назад

Security update for bsh2

SUSE-SU-2016:0700-1

suse-cvrf

почти 10 лет назад

Security update for bsh2