CVE-2015-5164

The Qpid server on Red Hat Satellite 6 does not properly restrict message types, which allows remote authenticated users with administrative access on a managed content host to execute arbitrary code via a crafted message, related to a pickle processing problem in pulp.
References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1247732 Issue Tracking Third Party Advisory
https://pulp.plan.io/issues/23 Issue Tracking Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1247732 Issue Tracking Third Party Advisory
https://pulp.plan.io/issues/23 Issue Tracking Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:pulpproject:qpid:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:satellite:6.0:*:*:*:*:*:*:*

History

21 Nov 2024, 02:32

Type Values Removed Values Added
References () https://bugzilla.redhat.com/show_bug.cgi?id=1247732 - Issue Tracking, Third Party Advisory () https://bugzilla.redhat.com/show_bug.cgi?id=1247732 - Issue Tracking, Third Party Advisory
References () https://pulp.plan.io/issues/23 - Issue Tracking, Third Party Advisory () https://pulp.plan.io/issues/23 - Issue Tracking, Third Party Advisory

Information

Published : 2017-10-18 16:29

Updated : 2024-11-21 02:32


NVD link : CVE-2015-5164

Mitre link : CVE-2015-5164

CVE.ORG link : CVE-2015-5164


JSON object : View

Products Affected

pulpproject

  • qpid

redhat

  • satellite
CWE
CWE-502

Deserialization of Untrusted Data