
CVSS: 9.8 | EPSS: 1% | CPEs: 27 | EXPL: 0

The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restrict the classes for which they perform deserialization, which allows remote attackers to execute arbitrary code via crafted serialized Java data.

• http://www.openwall.com/lists/oss-security/2017/05/22/2
• https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true
• CWE-502: Deserialization of Untrusted Data