Description
The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources using the Java XMLDecoder, which allows remote attackers to execute arbitrary Java code via crafted XML.
Affected packages
| Platform | Package | Status | Advisory | Release |
|---|---|---|---|---|
| Red Hat JBoss Enterprise Web Server 1 | restlet | Under investigation | | |
| Fuse ESB Enterprise 7.1.0 | | Fixed | RHSA-2013:1862 | 19.12.2013 |
| Fuse Management Console 7.1.0 | | Fixed | RHSA-2013:1862 | 19.12.2013 |
| Fuse MQ Enterprise 7.1.0 | | Fixed | RHSA-2013:1862 | 19.12.2013 |
| Red Hat JBoss A-MQ 6.0 | | Fixed | RHSA-2013:1410 | 07.10.2013 |
| Red Hat JBoss Fuse 6.0 | | Fixed | RHSA-2013:1410 | 07.10.2013 |
Additional information
Status:
EPSS
6.8 Medium
CVSS2
Related vulnerabilities
The default configuration of the ObjectRepresentation class in Restlet ...
Restlet is vulnerable to Arbitrary Java Code Execution via crafted XML