logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2017-5878

Description

The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized Java data.


Affected Software


CPE Name Name Version
red5:media_server red5 media server 1.0.2
red5:media_server red5 media server 1.0.2
red5:media_server red5 media server 1.0.3
red5:media_server red5 media server 1.0.4
red5:media_server red5 media server 1.0.5
red5:media_server red5 media server 1.0.6
red5:media_server red5 media server 1.0.7
red5:media_server red5 media server 1.0.7
red5:media_server red5 media server 1.0.7
red5:media_server red5 media server 1.0.7
red5:media_server red5 media server 1.0.7
red5:media_server red5 media server 1.0.7
red5:media_server red5 media server 1.0.7
red5:media_server red5 media server 1.0.7
red5:media_server red5 media server 1.0.8
red5:media_server red5 media server 1.0.8
red5:media_server red5 media server 1.0.8
red5:media_server red5 media server 1.0.8
red5:media_server red5 media server 1.0.8
red5:media_server red5 media server 1.0.8
red5:media_server red5 media server 1.0.8
red5:media_server red5 media server 1.0.8
red5:media_server red5 media server 1.0.8
red5:media_server red5 media server 1.0.8
red5:media_server red5 media server 1.0.8
red5:media_server red5 media server 1.0.8
red5:media_server red5 media server 1.0.8

Related