CVE-2017-3200

{"id": "CVE-2017-3200", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}]}, "published": "2018-06-11T17:29:00.447", "references": [{"url": "http://www.securityfocus.com/bid/97382", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cret@cert.org"}, {"url": "http://www.securityweek.com/flaws-java-amf-libraries-allow-remote-code-execution", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "https://codewhitesec.blogspot.com/2017/04/amf.html", "tags": ["Exploit", "Third Party Advisory"], "source": "cret@cert.org"}, {"url": "https://www.kb.cert.org/vuls/id/307983", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cret@cert.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-502"}]}, {"type": "Secondary", "source": "cret@cert.org", "description": [{"lang": "en", "value": "CWE-913"}]}], "descriptions": [{"lang": "en", "value": "The Java implementation of AMF3 deserializers used in GraniteDS, version 3.1.1.G, may allow instantiation of arbitrary classes via their public parameter-less constructor and subsequently call arbitrary Java Beans setter methods. The ability to exploit this vulnerability depends on the availability of classes in the class path that make use of deserialization. A remote attacker with the ability to spoof or control information may be able to send serialized Java objects with pre-set properties that result in arbitrary code execution when deserialized."}, {"lang": "es", "value": "La implementaci\u00f3n de Java de los deserializadores AMF3 empleada en GraniteDS, versi\u00f3n 3.1.1.G, podr\u00eda permitir la instanciaci\u00f3n de clases arbitrarias mediante su constructor p\u00fablico sin par\u00e1metros y, en consecuencia, llamar a m\u00e9todos setter arbitrarios de Java Beans. La capacidad para explotar esta vulnerabilidad depende de la disponibilidad de las clases en la ruta de clase que emplea la deserializaci\u00f3n. Un atacante remoto con la capacidad de suplantar o controlar informaci\u00f3n podr\u00eda ser capaz de enviar objetos Java serializados con propiedades preestablecidas que resultan en la ejecuci\u00f3n de c\u00f3digo arbitrario cuando se deserializan."}], "lastModified": "2020-02-05T19:35:55.517", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:graniteds:graniteds:3.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B952992-5FE8-4BA5-8916-D4EE395D627D"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}