Description

The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources using the Java XMLDecoder, which allows remote attackers to execute arbitrary Java code via crafted XML.

Remediation

References

CVE-2013-4221

Related Vulnerabilities

Apache HTTP Server Incorrect Calculation of Buffer Size Vulnerability (CVE-2004-0747)

WordPress Plugin Nextend Facebook Connect Unspecified Vulnerability (1.5.7)

WordPress 4.8.x Multiple Vulnerabilities (4.8 - 4.8.13)

Oracle JRE CVE-2022-21291 Vulnerability (CVE-2022-21291)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-6452)

Severity

High

Classification

CVE-2013-4221 CWE-91

Tags

Missing Update Known Vulnerabilities