CVE-2016-6501

Опубликовано: 09 дек. 2016

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

JFrog Artifactory before 4.11 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning.

Ссылки

http://www.securityfocus.com/bid/94855
https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE-wp.pdf
Not Applicable
https://www.jfrog.com/confluence/display/RTF/Release+Notes#ReleaseNotes-MainUpdates.7
Release Notes
Vendor Advisory
http://www.securityfocus.com/bid/94855
https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE-wp.pdf
Not Applicable
https://www.jfrog.com/confluence/display/RTF/Release+Notes#ReleaseNotes-MainUpdates.7
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jfrog:artifactory:*:*:*:*:*:*:*:*

Версия до 4.10 (включая)

EPSS

Процентиль: 82%

0.01685

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-q2cx-7mm8-8j2x