CVE-2016-6809

Опубликовано: 10 нояб. 2016

Источник: redhat

CVSS3: 7.8

CVSS2: 5.1

Описание

Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Developer Toolset 4.1	devtoolset-4-tika	Not affected
Red Hat JBoss Enterprise Web Server 1	tika-core	Not affected
Red Hat JBoss Enterprise Web Server 1	tika-parsers	Not affected
Red Hat Software Collections	rh-eclipse46-tika	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-502

https://bugzilla.redhat.com/show_bug.cgi?id=1394156tika: Native deserialization of Java objects in matlab files

7.8 High

CVSS3

5.1 Medium

CVSS2

Связанные уязвимости

CVE-2016-6809

CVSS3: 9.8

ubuntu

почти 9 лет назад

Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization.

CVE-2016-6809

CVSS3: 9.8

nvd

почти 9 лет назад

Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization.

CVE-2016-6809

CVSS3: 9.8

debian

почти 9 лет назад

Apache Tika before 1.14 allows Java code execution for serialized obje ...

GHSA-j8g6-2wh7-6439

CVSS3: 9.8

github

больше 7 лет назад

Apache Tika allows Java code execution for serialized objects embedded in MATLAB files

7.8 High

CVSS3

5.1 Medium

CVSS2