9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.942 High
EPSS
Percentile
99.0%
XStream is a widely used Java class library for serializing objects to XML or JSON and deserializing them back.
XStream 1.4.10 contains a deserialization vulnerability, CVE-2019-10173, which is a bypass of the patch for CVE-2013-7285.
According to the analysis by the Bucket like Security Emergency Response Team, when an application uses XStream 1.4.10 and has not initialized XStream's security framework, an attacker can send a carefully constructed request that, once deserialized by XStream on the server, leads to remote code execution.
Product: XStream
Version: XStream 1.4.10
Component: XStream
5. Vulnerability reproduction
None provided.
Upgrade XStream to version 1.4.11 or later.
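For applications that cannot upgrade immediately, the root cause named above (an XStream instance whose security framework was never initialized) can be addressed in code. The following is an added example, not code from the advisory or from the XStream project: it puts the vulnerable setup next to the deny-list fix XStream ships since 1.4.10 and the allow-list configuration the project recommends. It assumes the xstream jar is on the classpath; the `Order` class, the `XStreamHardeningDemo` class and the two XML inputs are constructed for the demo.

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.XStreamException;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;

/**
 * Added example (not from the advisory or the XStream project): the vulnerable
 * XStream setup described above beside two hardened variants.
 */
public class XStreamHardeningDemo {

    /** Hypothetical application type the service legitimately accepts. */
    public static class Order {
        public String id;
        public int quantity;
    }

    /** Vulnerable: security framework never initialized. On 1.4.10 this instance
     *  will instantiate any class it can resolve from attacker-controlled XML. */
    public static XStream unsafeXStream() {
        XStream xs = new XStream();
        xs.alias("order", Order.class);
        return xs;
    }

    /** Minimal fix: enable XStream's built-in deny-list (static method added in 1.4.10).
     *  Better than nothing, but a deny-list only blocks gadget types already known. */
    public static XStream denylistXStream() {
        XStream xs = new XStream();
        XStream.setupDefaultSecurity(xs);
        xs.alias("order", Order.class);
        return xs;
    }

    /** Recommended: clear every permission, then allow only the types the
     *  application actually needs. Anything else is refused by the security framework. */
    public static XStream allowlistXStream() {
        XStream xs = new XStream();
        xs.addPermission(NoTypePermission.NONE);              // wipes all existing permissions
        xs.addPermission(NullPermission.NULL);                // null values
        xs.addPermission(PrimitiveTypePermission.PRIMITIVES); // int, boolean, ...
        xs.allowTypes(new Class[] { Order.class, String.class });
        xs.alias("order", Order.class);
        return xs;
    }

    /** Returns the class name of what the parser produced, or the exception
     *  type and message if XStream refused the document. */
    public static String parse(XStream xs, String xml) {
        try {
            Object o = xs.fromXML(xml);
            return o == null ? "null" : o.getClass().getName();
        } catch (XStreamException e) {
            return "REJECTED (" + e.getClass().getSimpleName() + "): " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: a legitimate order, and a document naming a class the
        // application never meant to deserialize (a harmless stand-in for the kind of
        // unexpected type an attacker-crafted payload would name).
        String legit = "<order><id>A-1</id><quantity>2</quantity></order>";
        String unexpected = "<java.util.HashMap/>";

        System.out.println("unsafe    legit      -> " + parse(unsafeXStream(), legit));
        System.out.println("unsafe    unexpected -> " + parse(unsafeXStream(), unexpected));
        System.out.println("denylist  unexpected -> " + parse(denylistXStream(), unexpected));
        System.out.println("allowlist legit      -> " + parse(allowlistXStream(), legit));
        System.out.println("allowlist unexpected -> " + parse(allowlistXStream(), unexpected));
    }
}
```

The unsafe and deny-list instances both happily build a `java.util.HashMap` from the second document, because that class is not on any deny-list; only the allow-list instance rejects it while still round-tripping the legitimate `Order`. The allow-list configuration is a mitigation for the unsafe default, not a substitute for upgrading to 1.4.11 or later.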
> http://x-stream.github.io/changes.html#1.4.11
>
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10173
The above is the early-warning information for this high-risk vulnerability. If you have any questions or need further support, please contact us.
Contact phone: 400-156-9866
Email: [email protected]
Bucket like the Security Emergency Response Team
25 July 2019