CVE-2016-0750
client: unchecked deserialization in marshaller util
Public Exploits: 0 | Exploited in Wild: none recorded
Descriptions
The Hot Rod Java client in Infinispan before 9.1.0.Final automatically deserializes byte-array message contents in certain events. A malicious user could exploit this flaw by injecting a specially crafted serialized object to achieve remote code execution or conduct other attacks. Note that the deserialization happens in the client process, so any resulting code execution runs with the privileges of the application embedding the Hot Rod client rather than those of the server.
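As an added illustration of the CWE-502 pattern behind this CVE (this is example code written for this page, not Infinispan's own client code; the class and method names are hypothetical stand-ins), the following shows a byte array from an event payload being fed straight into ObjectInputStream beside a hardened variant that refuses any class not on an explicit allowlist. The sample payloads are constructed inline so the program runs offline.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamClass;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

public class AllowlistDeserialization {

    // Constructed stand-in for the event type a client listener actually expects.
    public static final class CacheEvent implements Serializable {
        private static final long serialVersionUID = 1L;
        final String key;
        CacheEvent(String key) { this.key = key; }
    }

    // Vulnerable pattern: whatever class the stream names is resolved and
    // instantiated, and its readObject()/readResolve() side effects run
    // before the caller can inspect the result.
    static Object unchecked(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            return in.readObject();
        }
    }

    // Hardened pattern: resolveClass() is consulted for every class descriptor
    // before an instance is created, so a class outside the allowlist is
    // rejected before any of its deserialization hooks execute.
    static Object checked(byte[] bytes, Set<String> allowed) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes)) {
            @Override
            protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException {
                if (!allowed.contains(desc.getName())) {
                    throw new InvalidClassException(desc.getName(), "class not on deserialization allowlist");
                }
                return super.resolveClass(desc);
            }
        }) {
            return in.readObject();
        }
    }

    // Helper to build the constructed sample payloads.
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(o);
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        Set<String> allowed = Set.of(CacheEvent.class.getName());
        byte[] legit = serialize(new CacheEvent("k1"));
        // Stand-in for a hostile payload: any class the listener never asked for.
        // A real gadget chain would be built from classes already on the classpath.
        byte[] unexpected = serialize(new ArrayList<>(List.of("x")));

        System.out.println("unchecked, unexpected -> " + unchecked(unexpected).getClass().getName());
        System.out.println("checked, legit        -> " + ((CacheEvent) checked(legit, allowed)).key);
        try {
            checked(unexpected, allowed);
        } catch (InvalidClassException e) {
            System.out.println("checked, unexpected   -> rejected: " + e.getMessage());
        }
    }
}
```

On Java 9 and later the same allowlist can be expressed with the standard filter API instead of a resolveClass() override, for example `in.setObjectInputFilter(ObjectInputFilter.Config.createFilter("AllowlistDeserialization$CacheEvent;!*"))`, which also lets you cap depth and array sizes. The 9.1 Hot Rod client fix takes the allowlist approach as well through a Java serialization allowlist on the client configuration; check the linked pull request for the exact setting rather than relying on this example's names.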
Timeline
- 2015-12-16 CVE Reserved
- 2017-11-17 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-21 EPSS Updated
- Exploited in Wild / KEV Due Date / First Exploit: no date recorded
CWE
- CWE-138: Improper Neutralization of Special Elements
- CWE-502: Deserialization of Untrusted Data
References (8)
URL | Tag | Date
---|---|---
http://www.securityfocus.com/bid/101910 | Third Party Advisory |
https://issues.jboss.org/browse/ISPN-7781 | Issue Tracking |
https://github.com/infinispan/infinispan/pull/5116 | | 2023-11-07
https://access.redhat.com/errata/RHSA-2017:3244 | | 2023-11-07
https://access.redhat.com/errata/RHSA-2018:0501 | | 2023-11-07
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-0750 | | 2023-11-07
https://access.redhat.com/security/cve/CVE-2016-0750 | | 2018-03-13
https://bugzilla.redhat.com/show_bug.cgi?id=1300443 | | 2018-03-13
Affected Vendors, Products, and Versions
Vendor | Product | Version | Status
---|---|---|---
Infinispan | Infinispan | < 9.1.0 | Affected