Lucene search

CVE-2013-7285

🗓️ 15 May 2019 17:00:29Reported by mitreType

cve🔗 web.nvd.nist.gov👁 322 Views🌐 WEB

Xstream API remote code execution vulnerabilit

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 84
Cvelist	CVE-2013-7285	15 May 201916:54	–	cvelist
Cvelist	CVE-2019-10173	23 Jul 201912:50	–	cvelist
RedHat Linux	Important: Red Hat Security Advisory: XStream security update	13 Mar 201419:21	–	redhat
RedHat Linux	Important: Red Hat Security Advisory: XStream security update	26 Feb 201420:32	–	redhat
RedHat Linux	Important: Red Hat Security Advisory: jasperreports-server-pro security update	9 Apr 201418:02	–	redhat
RedHat Linux	Important: Red Hat Security Advisory: JBoss Enterprise Portal Platform 5.2.2 security update	14 Aug 201415:47	–	redhat
RedHat Linux	Important: Red Hat Security Advisory: Red Hat JBoss BRMS 5.3.1 update	5 Aug 201414:10	–	redhat
RedHat Linux	Important: Red Hat Security Advisory: Red Hat JBoss Data Grid 6.2.1 update	3 Apr 201422:01	–	redhat
RedHat Linux	Important: Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.0.0 security update	24 Mar 201418:05	–	redhat
RedHat Linux	Important: Red Hat Security Advisory: Fuse ESB Enterprise/Fuse MQ Enterprise 7.1.0 update	30 Apr 201418:49	–	redhat

Nvd

Node

oracle endeca_information_discovery_studioMatch3.2.0

Node

apache activemqMatch5.15.8

Node

xstream xstreamRange≤1.4.6

xstream xstreamMatch1.4.10

Source	Link
mail-archive	www.mail-archive.com/user%40xstream.codehaus.org/msg00604.html
lists	www.lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369%40%3Cissues.activemq.apache.org%3E
web	www.web.archive.org/web/20140204133306/http://blog.diniscruz.com/2013/12/xstream-remote-code-execution-exploit.html
seclists	www.seclists.org/oss-sec/2014/q1/69
oracle	www.oracle.com/security-alerts/cpuoct2020.html
lists	www.lists.apache.org/thread.html/6d3d34adcf3dfc48e36342aa1f18ce3c20bb8e4c458a97508d5bfed1%40%3Cissues.activemq.apache.org%3E
blog	www.blog.diniscruz.com/2013/12/xstream-remote-code-execution-exploit.html
x-stream	www.x-stream.github.io/CVE-2013-7285.html
mail-archive	www.mail-archive.com/user%40xstream.codehaus.org/msg00607.html

Parameter	Position	Path	Description	CWE
type	query param	/openmrs-standalone/module/reporting/definition/saveSerializedDefinition.form	The endpoint allows unauthenticated remote code execution through XML input manipulation, leveraging CVE-2013-7285 in the XStream library.	CWE-78
serializationClass	query param	/openmrs-standalone/module/reporting/definition/saveSerializedDefinition.form	The endpoint allows unauthenticated remote code execution through XML input manipulation, leveraging CVE-2013-7285 in the XStream library.	CWE-78
serializedData	query param	/openmrs-standalone/module/reporting/definition/saveSerializedDefinition.form	The endpoint allows unauthenticated remote code execution through XML input manipulation, leveraging CVE-2013-7285 in the XStream library.	CWE-78
uuid	query param	/openmrs-standalone/module/reporting/definition/saveSerializedDefinition.form	The endpoint allows unauthenticated remote code execution through XML input manipulation, leveraging CVE-2013-7285 in the XStream library.	CWE-78
name	query param	/openmrs-standalone/module/reporting/definition/saveSerializedDefinition.form	The endpoint allows unauthenticated remote code execution through XML input manipulation, leveraging CVE-2013-7285 in the XStream library.	CWE-78
subtype	query param	/openmrs-standalone/module/reporting/definition/saveSerializedDefinition.form	The endpoint allows unauthenticated remote code execution through XML input manipulation, leveraging CVE-2013-7285 in the XStream library.	CWE-78

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

15 May 2019 17:29Current

9.4High risk

Vulners AI Score9.4

CVSS27.5

CVSS39.8

EPSS0.15054

CWE-78