Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2016-6814

Опубликовано: 18 янв. 2018
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 7.5
CVSS3: 9.8

Описание

When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it was possible for an attacker to bake a special serialized object that will execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects were subject to this vulnerability.

РелизСтатусПримечание
artful

not-affected

2.4.8-1
bionic

not-affected

2.4.8-1
cosmic

not-affected

2.4.8-1
devel

not-affected

2.4.8-1
disco

not-affected

2.4.8-1
eoan

not-affected

2.4.8-1
esm-apps/bionic

not-affected

2.4.8-1
esm-apps/focal

not-affected

2.4.8-1
esm-apps/jammy

not-affected

2.4.8-1
esm-apps/noble

not-affected

2.4.8-1

Показывать по

РелизСтатусПримечание
artful

DNE

bionic

DNE

cosmic

DNE

devel

DNE

disco

DNE

eoan

DNE

esm-apps/xenial

released

2.4.5-1ubuntu0.1~esm1
esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 86%
0.02801
Низкий

7.5 High

CVSS2

9.8 Critical

CVSS3

Связанные уязвимости

redhat логотип

CVE-2016-6814

CVSS3: 9.6
redhat
почти 9 лет назад

When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it was possible for an attacker to bake a special serialized object that will execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects were subject to this vulnerability.

nvd логотип

CVE-2016-6814

CVSS3: 9.8
nvd
почти 8 лет назад

When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it was possible for an attacker to bake a special serialized object that will execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects were subject to this vulnerability.

debian логотип

CVE-2016-6814

CVSS3: 9.8
debian
почти 8 лет назад

When an application with unsupported Codehaus versions of Groovy from ...

github логотип

GHSA-xphj-m9cc-8fmq

CVSS3: 9.8
github
больше 3 лет назад

Deserialization of Untrusted Data in Groovy

oracle-oval логотип

ELSA-2017-2486

oracle-oval
около 8 лет назад

ELSA-2017-2486: groovy security update (IMPORTANT)

EPSS

Процентиль: 86%
0.02801
Низкий

7.5 High

CVSS2

9.8 Critical

CVSS3