Lucene search
MitreCVELIST:CVE-2019-9212HistoryFeb 27, 2019 - 5:00 p.m.
CVE-2019-9212
2019-02-2717:00:00
mitre
www.cve.org
SOFA-Hessian through 4.0.2 allows remote attackers to execute arbitrary commands via a crafted serialized Hessian object because blacklisting of com.caucho.naming.QName and com.sun.org.apache.xpath.internal.objects.XString is mishandled, related to Resin Gadget. NOTE: The vendor doesnβt consider this issue a vulnerability because the blacklist is being misused. SOFA Hessian supports custom blacklist and a disclaimer was posted encouraging users to update the blacklist or to use the whitelist feature for their specific needs since the blacklist is not being actively updated
References
Related
osv
osv
Incomplete List of Disallowed Inputs in SOFA-Hessian
2019-03-06 17:36:08
d0znpp
d0znpp
Spring RCE exploit I canβt explain
2019-07-17 00:22:22
veracode
veracode
Remote Code Execution (RCE)
2019-07-01 04:24:50
prion
prion
Design/Logic Flaw
2019-02-27 17:29:00
gitlab
gitlab
Deserialization of Untrusted Data
2019-03-06 00:00:00
cve
cve
CVE-2019-9212
2019-02-27 17:29:00
nvd
nvd
CVE-2019-9212
2019-02-27 17:29:00
github
github
Incomplete List of Disallowed Inputs in SOFA-Hessian
2019-03-06 17:36:08