Description
The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources, which allows remote attackers to execute arbitrary Java code via a serialized object, a different vulnerability than CVE-2013-4221.
Affected packages
| Platform | Package | Status | Advisory | Release |
|---|---|---|---|---|
| Red Hat JBoss Enterprise Web Server 1 | restlet | Under investigation | | |
| Fuse ESB Enterprise 7.1.0 | | Fixed | RHSA-2013:1862 | 19.12.2013 |
| Fuse Management Console 7.1.0 | | Fixed | RHSA-2013:1862 | 19.12.2013 |
| Fuse MQ Enterprise 7.1.0 | | Fixed | RHSA-2013:1862 | 19.12.2013 |
| Red Hat JBoss A-MQ 6.0 | | Fixed | RHSA-2013:1410 | 07.10.2013 |
| Red Hat JBoss Fuse 6.0 | | Fixed | RHSA-2013:1410 | 07.10.2013 |
Additional information
Status:
EPSS
7.5 High
CVSS2
Related vulnerabilities
Restlet Arbitrary Java Code Execution via a serialized object