3 matches found
CVE-2017-3200
CVE-2017-3200 concerns GraniteDS’s AMF3 deserializers. The Java AMF3 implementation in GraniteDS 3.1.1.GA can instantiate arbitrary classes via public no-arg constructors and invoke JavaBeans setters during deserialization, enabling remote attackers to execute arbitrary code if affected classes a...
CVE-2017-3200 The implementation of Action Message Format (AMF3) deserializers in GraniteDS, version 3.1.1.GA, may allow instantiation of arbitrary classes due to improper code control
The Java implementation of AMF3 deserializers used in GraniteDS, version 3.1.1.G, may allow instantiation of arbitrary classes via their public parameter-less constructor and subsequently call arbitrary Java Beans setter methods. The ability to exploit this vulnerability depends on the availabili...
AMF3 Java implementations Improper Control of Dynamically-Managed Code Resources
Details reference: https://codewhitesec.blogspot.kr/2017/04/amf.html Some Java implementations of AMF3 deserializers may allow instantiation of arbitrary classes via their public parameter-less constructor and subsequently call arbitrary Java Beans setter methods. The ability to exploit this...