Remote Code Execution is possible in Code42 CrashPlan 5.4.x via the org.apache.commons.ssl.rmi.DateRMI Java class, because (upon instantiation) it creates an RMI server that listens on a TCP port and deserializes objects sent by TCP clients.
References
Link | Resource |
---|---|
https://blog.radicallyopensecurity.com/CVE-2017-9830.html | Third Party Advisory |
Configurations
History
No history.
Information
Published : 2017-06-27 18:29
Updated : 2024-02-28 16:04
NVD link : CVE-2017-9830
Mitre link : CVE-2017-9830
CVE.ORG link : CVE-2017-9830
JSON object : View
Products Affected
code42
- crashplan
CWE
CWE-502
Deserialization of Untrusted Data