Description
The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restrict the classes they deserialize, which allows remote attackers to execute arbitrary code via crafted serialized Java data.
Remediation
References
http://www.openwall.com/lists/oss-security/2017/05/22/2
https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true
Related Vulnerabilities
CVE-2018-5158 Vulnerability in maven package org.webjars.bower:pdfjs-dist
CVE-2014-9634 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2021-37580 Vulnerability in maven package org.apache.shenyu:shenyu-admin
CVE-2020-28452 Vulnerability in maven package com.softwaremill.akka-http-session:core_2.11
CVE-2023-46589 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core