CVE-2013-4221

Restlet: remote code execution due to insecure XML deserialization

Severity Score

7.3

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources using the Java XMLDecoder, which allows remote attackers to execute arbitrary Java code via crafted XML.

La configuración por defecto de la clase ObjectRepresentation en Restlet anterior a la versión 2.1.4 deserializa objetos desde fuentes no confiables usando Java XMLDecoder, lo que permite a atacantes remotos ejecutar código Java arbitrario a través de XML manipulado.

Red Hat JBoss Fuse 6.0.0, based on Apache ServiceMix, provides an integration platform. Red Hat JBoss A-MQ 6.0.0, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications. Red Hat JBoss Fuse/A-MQ 6.0.0 patch 4 is an update to Red Hat JBoss Fuse 6.0.0 and Red Hat JBoss A-MQ 6.0.0. This update addresses the following security issues: Restlet applications which use ObjectRepresentation to map HTTP request data directly to an object deserialize arbitrary user-provided XML using XMLDecoder. It was found that XMLDecoder deserialized an attacker-provided definition of a class and executed its methods. A remote attacker could use this flaw to perform arbitrary remote code execution in the context of the server running the Restlet application.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2013-06-12 CVE Reserved
2013-10-07 CVE Published
2024-08-06 CVE Updated
2024-12-17 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-16: Configuration
CWE-91: XML Injection (aka Blind XPath Injection)

CAPEC

References (7)

URL	Tag	Source
http://blog.diniscruz.com/2013/08/using-xmldecoder-to-execute-server-side.html	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://github.com/restlet/restlet-framework-java/issues/774	2016-12-07

URL	Date	SRC
http://restlet.org/learn/2.1/changes	2016-12-07
http://rhn.redhat.com/errata/RHSA-2013-1410.html	2016-12-07
http://rhn.redhat.com/errata/RHSA-2013-1862.html	2016-12-07
https://bugzilla.redhat.com/show_bug.cgi?id=995275	2013-12-19
https://access.redhat.com/security/cve/CVE-2013-4221	2013-12-19

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Restlet Search vendor "Restlet"		Restlet Search vendor "Restlet" for product "Restlet"				<= 2.1.3 Search vendor "Restlet" for product "Restlet" and version " <= 2.1.3"		-		Affected
Restlet Search vendor "Restlet"		Restlet Search vendor "Restlet" for product "Restlet"				2.1 Search vendor "Restlet" for product "Restlet" and version "2.1"		milestone1		Affected
Restlet Search vendor "Restlet"		Restlet Search vendor "Restlet" for product "Restlet"				2.1 Search vendor "Restlet" for product "Restlet" and version "2.1"		milestone2		Affected
Restlet Search vendor "Restlet"		Restlet Search vendor "Restlet" for product "Restlet"				2.1 Search vendor "Restlet" for product "Restlet" and version "2.1"		milestone3		Affected
Restlet Search vendor "Restlet"		Restlet Search vendor "Restlet" for product "Restlet"				2.1 Search vendor "Restlet" for product "Restlet" and version "2.1"		milestone4		Affected
Restlet Search vendor "Restlet"		Restlet Search vendor "Restlet" for product "Restlet"				2.1 Search vendor "Restlet" for product "Restlet" and version "2.1"		milestone5		Affected
Restlet Search vendor "Restlet"		Restlet Search vendor "Restlet" for product "Restlet"				2.1 Search vendor "Restlet" for product "Restlet" and version "2.1"		milestone6		Affected
Restlet Search vendor "Restlet"		Restlet Search vendor "Restlet" for product "Restlet"				2.1 Search vendor "Restlet" for product "Restlet" and version "2.1"		rc1		Affected
Restlet Search vendor "Restlet"		Restlet Search vendor "Restlet" for product "Restlet"				2.1 Search vendor "Restlet" for product "Restlet" and version "2.1"		rc2		Affected
Restlet Search vendor "Restlet"		Restlet Search vendor "Restlet" for product "Restlet"				2.1 Search vendor "Restlet" for product "Restlet" and version "2.1"		rc3		Affected
Restlet Search vendor "Restlet"		Restlet Search vendor "Restlet" for product "Restlet"				2.1 Search vendor "Restlet" for product "Restlet" and version "2.1"		rc4		Affected
Restlet Search vendor "Restlet"		Restlet Search vendor "Restlet" for product "Restlet"				2.1 Search vendor "Restlet" for product "Restlet" and version "2.1"		rc5		Affected
Restlet Search vendor "Restlet"		Restlet Search vendor "Restlet" for product "Restlet"				2.1 Search vendor "Restlet" for product "Restlet" and version "2.1"		rc6		Affected
Restlet Search vendor "Restlet"		Restlet Search vendor "Restlet" for product "Restlet"				2.1.0 Search vendor "Restlet" for product "Restlet" and version "2.1.0"		-		Affected
Restlet Search vendor "Restlet"		Restlet Search vendor "Restlet" for product "Restlet"				2.1.1 Search vendor "Restlet" for product "Restlet" and version "2.1.1"		-		Affected
Restlet Search vendor "Restlet"		Restlet Search vendor "Restlet" for product "Restlet"				2.1.2 Search vendor "Restlet" for product "Restlet" and version "2.1.2"		-		Affected