logo
DATABASE RESOURCES PRICING ABOUT US

VMware vCenter Server Appliance BlazeDS AMF3 RCE (VMSA-2017-0007)

Description

The version of VMware vCenter Server Appliance installed on the remote host is 6.0 prior to Update 3b or 6.5 prior to Update c. It is, therefore, affected by a flaw in FlexBlazeDS when processing AMF3 messages due to allowing the instantiation of arbitrary classes when deserializing objects. An unauthenticated, remote attacker can exploit this, by sending a specially crafted Java object, to execute arbitrary code.


Related