CVE-2013-4221
The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources using the Java XMLDecoder, which allows remote attackers to execute arbitrary Java code via crafted XML.
Affected products
n/a · n/a
References
http://blog.diniscruz.com/2013/08/using-xmldecoder-to-execute-server-side.html
http://restlet.org/learn/2.1/changes
http://rhn.redhat.com/errata/RHSA-2013-1410.html
http://rhn.redhat.com/errata/RHSA-2013-1862.html
https://bugzilla.redhat.com/show_bug.cgi?id=995275
https://github.com/restlet/restlet-framework-java/issues/774