CVE-2017-5878
CRITICAL 9.8
Description
The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restrict the classes for which they perform deserialization, which allows remote attackers to execute arbitrary code via crafted serialized Java data.
CVE details
CVSS v3.1 score: 9.8
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 6/8/2017
Last modified: 4/20/2025
Source: nvd
Honeypot observations: 0
Affected products
red5:media_server
Weaknesses (CWE)
CWE-502
References
http://www.openwall.com/lists/oss-security/2017/05/22/2 (cve@mitre.org)
http://www.openwall.com/lists/oss-security/2017/05/22/2 (af854a3a-2127-422b-91ae-364da2661108)
https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.