CVE-2013-4271 – Restlet: remote code execution due to insecure deserialization

https://notcve.org/view.php?id=CVE-2013-4271

The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources, which allows remote attackers to execute arbitrary Java code via a serialized object, a different vulnerability than CVE-2013-4221. La configuración por defecto de la clase ObjectRepresentation en Restlet anterior a la versión 2.1.4 deserializa objetos de fuentes no confiables, lo que permite a atacantes remotos ejecutar código Java arbitrario a través de objetos serializados, una vulnerabilidad diferente a CVE-2013-4221. • http://restlet.org/learn/2.1/changes http://rhn.redhat.com/errata/RHSA-2013-1410.html http://rhn.redhat.com/errata/RHSA-2013-1862.html https://bugzilla.redhat.com/show_bug.cgi?id=999735 https://github.com/restlet/restlet-framework-java/issues/778 https://access.redhat.com/security/cve/CVE-2013-4271 • CWE-502: Deserialization of Untrusted Data •