CVE-2013-4271

{"id": "CVE-2013-4271", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-10-10T00:55:14.897", "references": [{"url": "http://restlet.org/learn/2.1/changes", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-1410.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-1862.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=999735", "tags": ["Issue Tracking"], "source": "secalert@redhat.com"}, {"url": "https://github.com/restlet/restlet-framework-java/issues/778", "tags": ["Patch", "Issue Tracking", "Third Party Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-502"}]}], "descriptions": [{"lang": "en", "value": "The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources, which allows remote attackers to execute arbitrary Java code via a serialized object, a different vulnerability than CVE-2013-4221."}, {"lang": "es", "value": "La configuraci\u00f3n por defecto de la clase ObjectRepresentation en Restlet anterior a la versi\u00f3n 2.1.4 deserializa objetos de fuentes no confiables, lo que permite a atacantes remotos ejecutar c\u00f3digo Java arbitrario a trav\u00e9s de objetos serializados, una vulnerabilidad diferente a CVE-2013-4221."}], "lastModified": "2016-12-06T19:17:31.420", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:restlet:restlet:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9FF36E47-FB83-4EE2-A8AD-4CCB150FA05E", "versionEndIncluding": "2.1.3"}, {"criteria": "cpe:2.3:a:restlet:restlet:2.1:milestone1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "000B0109-CDC6-4CF0-8A90-F97D98BFB954"}, {"criteria": "cpe:2.3:a:restlet:restlet:2.1:milestone2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F745EEF2-7E39-414C-847F-38A276E799A5"}, {"criteria": "cpe:2.3:a:restlet:restlet:2.1:milestone3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CFC3C0BC-612C-495D-8AD6-F439229F89FB"}, {"criteria": "cpe:2.3:a:restlet:restlet:2.1:milestone4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11E97321-A10F-418C-B6C1-DD1AD6206E36"}, {"criteria": "cpe:2.3:a:restlet:restlet:2.1:milestone5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A44C440F-E99C-46DF-9168-1A858157F4F4"}, {"criteria": "cpe:2.3:a:restlet:restlet:2.1:milestone6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D4E467B9-1379-4270-8AFB-D316E27231AD"}, {"criteria": "cpe:2.3:a:restlet:restlet:2.1:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A3D4845-EE2D-4CB5-B1F2-F49C9637940F"}, {"criteria": "cpe:2.3:a:restlet:restlet:2.1:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70F9C4B9-9938-43A4-8742-43DB3AD209D0"}, {"criteria": "cpe:2.3:a:restlet:restlet:2.1:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B157880F-B6BF-46F4-92A5-93BC4DBDACD1"}, {"criteria": "cpe:2.3:a:restlet:restlet:2.1:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8E81758-0104-4AAF-90AF-DFF634EDD812"}, {"criteria": "cpe:2.3:a:restlet:restlet:2.1:rc5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF001292-CD53-4BDE-BF5E-874FEF1CA18C"}, {"criteria": "cpe:2.3:a:restlet:restlet:2.1:rc6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C7A833C-C531-4869-8E65-2C2A7F123C23"}, {"criteria": "cpe:2.3:a:restlet:restlet:2.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "064F898B-82C8-423F-86CD-F5BBC9C8C3A0"}, {"criteria": "cpe:2.3:a:restlet:restlet:2.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A4FEF42-787B-433D-B0EE-5BAA68AC869A"}, {"criteria": "cpe:2.3:a:restlet:restlet:2.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCD71E5D-FA56-47BC-9CD3-72A7B3CDCCDA"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}