Lucene search

[email protected]CVE-2013-4221

HistoryOct 10, 2013 - 12:55 a.m.

CVE-2013-4221

2013-10-1000:55:14

CWE-91

CWE-16

[email protected]

web.nvd.nist.gov

cve-2013-4221

objectrepresentation class

restlet

java xmldecoder

remote code execution

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.017 Low

EPSS

Percentile

87.8%

JSON

The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources using the Java XMLDecoder, which allows remote attackers to execute arbitrary Java code via crafted XML.

Affected configurations

NVD

Node

restletrestletRange≤2.1.3

restletrestletMatch2.1milestone1

restletrestletMatch2.1milestone2

restletrestletMatch2.1milestone3

restletrestletMatch2.1milestone4

restletrestletMatch2.1milestone5

restletrestletMatch2.1milestone6

restletrestletMatch2.1rc1

restletrestletMatch2.1rc2

restletrestletMatch2.1rc3

restletrestletMatch2.1rc4

restletrestletMatch2.1rc5

restletrestletMatch2.1rc6

restletrestletMatch2.1.0

restletrestletMatch2.1.1

restletrestletMatch2.1.2

CPENameOperatorVersion
restlet:restletrestletle2.1.3
restlet:restletrestleteq2.1
restlet:restletrestleteq2.1.0
restlet:restletrestleteq2.1.1
restlet:restletrestleteq2.1.2