myhack58 (MYHACK58:62201995222)
Jul 25, 2019 - 12:00 a.m.

XStream remote code execution vulnerability - vulnerability warning - the black bar safety net

www.myhack58.com

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.942 High
Percentile: 99.0%

1. Foreword

XStream is a commonly used Java class library that serializes objects to XML or JSON and deserializes them back into objects.

2. Vulnerability overview

XStream version 1.4.10 contains a deserialization vulnerability: a bypass of the patch for CVE-2013-7285.

3. Vulnerability impact

According to analysis by the Bucket like security emergency response team, when XStream 1.4.10 is used without initializing its security framework, an attacker can send a carefully constructed request to a server that uses XStream and achieve remote code execution.

4. Scope of impact

Product: XStream
Version: XStream 1.4.10
Component: XStream

5. Vulnerability reproduction

None

6. Solution

Upgrade XStream to version 1.4.11.
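
The condition named in this advisory, an XStream instance whose security framework was never initialized, is avoided by configuring type permissions explicitly before unmarshalling untrusted input. The following is an added example, not code from the advisory or from the XStream project; the Order class and the sample XML strings are constructed for illustration, while the permission classes are XStream's own security API.

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.XStreamException;
import com.thoughtworks.xstream.io.xml.DomDriver;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;

public class XStreamAllowlistExample {

    // Hypothetical application DTO: the only custom type this endpoint accepts.
    public static class Order {
        String id;
        int quantity;
    }

    // Build an XStream instance whose security framework is initialized
    // as a strict allowlist instead of being left at its defaults.
    static XStream hardened() {
        XStream xs = new XStream(new DomDriver());            // DomDriver uses the JDK's XML parser
        xs.addPermission(NoTypePermission.NONE);              // start from "deny all types"
        xs.addPermission(NullPermission.NULL);                // permit null values
        xs.addPermission(PrimitiveTypePermission.PRIMITIVES); // permit primitives and their boxes
        xs.allowTypes(new Class[] { String.class, Order.class });
        xs.alias("order", Order.class);
        return xs;
    }

    // Returns the parsed Order, or null when the XML names a type outside
    // the allowlist, is malformed, or does not describe an Order.
    static Order parseOrder(XStream xs, String xml) {
        try {
            Object o = xs.fromXML(xml);
            return (o instanceof Order) ? (Order) o : null;
        } catch (XStreamException e) {
            // ForbiddenClassException and ConversionException both extend XStreamException.
            System.err.println("rejected: " + e.getClass().getSimpleName());
            return null;
        }
    }

    public static void main(String[] args) {
        XStream xs = hardened();
        // Constructed sample inputs: one expected document, one benign but unlisted type.
        String expected = "<order><id>A-1</id><quantity>2</quantity></order>";
        String unlisted = "<java.util.Date>2019-07-25 00:00:00.0 UTC</java.util.Date>";
        System.out.println("expected accepted: " + (parseOrder(xs, expected) != null));
        System.out.println("unlisted rejected: " + (parseOrder(xs, unlisted) == null));
    }
}
```

An allowlist of this kind complements the upgrade to 1.4.11 and does not replace it.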

7. References

> http://x-stream.github.io/changes.html#1.4.11
>
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10173

The above is the information related to this high-risk vulnerability warning. If you have any questions or need further support, please contact us.

Contact phone: 400-156-9866

Email: [email protected]

Bucket like the Security Emergency Response Team

July 25, 2019
