CVE-2017-5878

The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized Java data.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:red5:media_server:1.0.2:-:*:*:*:*:*:*
cpe:2.3:o:red5:media_server:1.0.2:milestone1:*:*:*:*:*:*
cpe:2.3:o:red5:media_server:1.0.3:*:*:*:*:*:*:*
cpe:2.3:o:red5:media_server:1.0.4:*:*:*:*:*:*:*
cpe:2.3:o:red5:media_server:1.0.5:*:*:*:*:*:*:*
cpe:2.3:o:red5:media_server:1.0.6:*:*:*:*:*:*:*
cpe:2.3:o:red5:media_server:1.0.7:-:*:*:*:*:*:*
cpe:2.3:o:red5:media_server:1.0.7:milestone1:*:*:*:*:*:*
cpe:2.3:o:red5:media_server:1.0.7:milestone2:*:*:*:*:*:*
cpe:2.3:o:red5:media_server:1.0.7:milestone3:*:*:*:*:*:*
cpe:2.3:o:red5:media_server:1.0.7:milestone4:*:*:*:*:*:*
cpe:2.3:o:red5:media_server:1.0.7:milestone5:*:*:*:*:*:*
cpe:2.3:o:red5:media_server:1.0.7:milestone6:*:*:*:*:*:*
cpe:2.3:o:red5:media_server:1.0.7:milestone7:*:*:*:*:*:*
cpe:2.3:o:red5:media_server:1.0.8:milestone1:*:*:*:*:*:*
cpe:2.3:o:red5:media_server:1.0.8:milestone10:*:*:*:*:*:*
cpe:2.3:o:red5:media_server:1.0.8:milestone11:*:*:*:*:*:*
cpe:2.3:o:red5:media_server:1.0.8:milestone12:*:*:*:*:*:*
cpe:2.3:o:red5:media_server:1.0.8:milestone13:*:*:*:*:*:*
cpe:2.3:o:red5:media_server:1.0.8:milestone2:*:*:*:*:*:*
cpe:2.3:o:red5:media_server:1.0.8:milestone3:*:*:*:*:*:*
cpe:2.3:o:red5:media_server:1.0.8:milestone4:*:*:*:*:*:*
cpe:2.3:o:red5:media_server:1.0.8:milestone5:*:*:*:*:*:*
cpe:2.3:o:red5:media_server:1.0.8:milestone6:*:*:*:*:*:*
cpe:2.3:o:red5:media_server:1.0.8:milestone7:*:*:*:*:*:*
cpe:2.3:o:red5:media_server:1.0.8:milestone8:*:*:*:*:*:*
cpe:2.3:o:red5:media_server:1.0.8:milestone9:*:*:*:*:*:*

History

No history.

Information

Published : 2017-06-08 16:29

Updated : 2024-02-28 16:04


NVD link : CVE-2017-5878

Mitre link : CVE-2017-5878

CVE.ORG link : CVE-2017-5878


JSON object : View

Products Affected

red5

  • media_server
CWE
CWE-502

Deserialization of Untrusted Data