2 matches found
Restlet Arbitrary Java Code Execution via a serialized object
The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources, which allows remote attackers to execute arbitrary Java code via a serialized object, a different vulnerability than CVE-2013-4221...
CVE-2013-4221
The Restlet vulnerability CVE-2013-4221 affects Restlet before 2.1.4, where ObjectRepresentation deserializes objects from untrusted sources using XMLDecoder. This allows remote attackers to execute arbitrary Java code via crafted XML, through the deserialization process on the server. Impact is ...