10 matches found
CVE-2017-3208
The Java implementation of AMF3 deserializers used by WebORB for Java by Midnight Coders, version 5.1.1.0, allows external entity references (XXEs) from XML documents embedded within AMF3 messages. If the XML parsing is handled incorrectly it could potentially expose sensitive data on the server,...
CVE-2017-3207
The Java implementations of AMF3 deserializers in WebORB for Java by Midnight Coders, version 5.1.1.0, derive class instances from java.io.Externalizable rather than the AMF3 specification's recommendation of flash.utils.IExternalizable. A remote attacker with the ability to spoof or control an R...
Design/Logic Flaw
The Java implementation of AMF3 deserializers used by WebORB for Java by Midnight Coders, version 5.1.1.0, allows external entity references (XXEs) from XML documents embedded within AMF3 messages. If the XML parsing is handled incorrectly it could potentially expose sensitive data on the server,...
CVE-2017-3208
CVE-2017-3208 affects WebORB for Java (Midnight Coders), where the Java AMF3 deserializers can process XML embedded in AMF3 messages and allow XML External Entity (XXE) references. The issue arises from deserialization behavior using or allowing untrusted data, potentially enabling exposure of se...
CVE-2017-3207
CVE-2017-3207 affects WebORB for Java by Midnight Coders (v5.1.1.0). The AMF3 deserializers derive class instances from java.io.Externalizable instead of the recommended flash.utils.IExternalizable, enabling a remote attacker able to spoof/control an RMI server to send serialized Java objects tha...
CVE-2017-3207 WebORB for Java by Midnight Coders, version 5.1.1.0, Action Message Format (AMF3) Java implementation is vulnerable to insecure deserialization
The Java implementations of AMF3 deserializers in WebORB for Java by Midnight Coders, version 5.1.1.0, derive class instances from java.io.Externalizable rather than the AMF3 specification's recommendation of flash.utils.IExternalizable. A remote attacker with the ability to spoof or control an R...
WebORB for Java Remote Code Execution Vulnerability
Midnight Coders WebORB for Java is a cross-platform integration server from Midnight Coders, Inc. that connects desktop, browser and mobile clients to Java POJOs, other components and Web services, providing a common connection to data and media. A remote code execution vulnerability exists...
AMF3 Java implementations Improper Restriction of XML External Entity Reference ('XXE')
Detailed analysis: https://codewhitesec.blogspot.kr/2017/04/amf.html Some Java implementations of AMF3 deserializers allow external entity references (XXEs) from XML documents embedded within AMF3 messages. If the XML parsing is handled incorrectly it could potentially expose...
AMF3 Java implementations deserialization Vulnerability
Details reference: https://codewhitesec.blogspot.kr/2017/04/amf.html Some Java implementations of AMF3 deserializers derive class instances from java.io.Externalizable rather than the AMF3 specification's recommendation of flash.utils.IExternalizable. A remote attacker with the ability to...
Action Message Format (AMF3) Java implementations are vulnerable to insecure deserialization and XML external entities references
Overview: Several Java implementations of AMF3 are vulnerable to insecure deserialization and XML external entities references. Description: Several Java implementations of Action Message Format (AMF3) are vulnerable to one or more of the following implementation errors: CWE-502: Deserialization of...