CVE-2016-0750

client: unchecked deserialization in marshaller util

Severity Score

8.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks.

El cliente de Java hotrod en infinispan en versiones anteriores a la 9.1.0.Final deserializa automáticamente el contenido de los mensajes bytearray en ciertos eventos. Un usuario malicioso podría explotar este error inyectando un objeto serializado especialmente manipulado para lograr la ejecución remota de código u otros ataques.

The hotrod java client in infinispan automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks.

Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan. This release of Red Hat JBoss Data Grid 7.1.1 serves as a replacement for Red Hat JBoss Data Grid 7.1.0, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References. Security Fix: It was found that Apache Lucene would accept an object from an unauthenticated user that could be manipulated through subsequent post requests. An attacker could use this flaw to assemble an object that could permit execution of arbitrary code if the server enabled Apache Solr's Config API.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Partial

Integrity

Partial

Availability

Partial

Attack Vector

Network

Attack Complexity

High

Authentication

Single

Confidentiality

Partial

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2015-12-16 CVE Reserved
2017-11-17 CVE Published
2024-08-05 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-138: Improper Neutralization of Special Elements
CWE-502: Deserialization of Untrusted Data

CAPEC

References (8)

URL	Tag	Source
http://www.securityfocus.com/bid/101910	Third Party Advisory
https://issues.jboss.org/browse/ISPN-7781	Issue Tracking

URL	Date	SRC

URL	Date	SRC
https://github.com/infinispan/infinispan/pull/5116	2023-11-07

URL	Date	SRC
https://access.redhat.com/errata/RHSA-2017:3244	2023-11-07
https://access.redhat.com/errata/RHSA-2018:0501	2023-11-07
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-0750	2023-11-07
https://access.redhat.com/security/cve/CVE-2016-0750	2018-03-13
https://bugzilla.redhat.com/show_bug.cgi?id=1300443	2018-03-13

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Infinispan Search vendor "Infinispan"		Infinispan Search vendor "Infinispan" for product "Infinispan"				< 9.1.0 Search vendor "Infinispan" for product "Infinispan" and version " < 9.1.0"		-		Affected