
6 matches found

OSV
added 2022/05/13 1:36 a.m., 24 views

GHSA-8V4H-J42H-WFHC Deserialization of Untrusted Data in Spring-flex

The Java implementations of AMF3 deserializers in Pivotal/Spring Spring-flex derive class instances from java.io.Externalizable rather than the AMF3 specification's recommendation of flash.utils.IExternalizable. A remote attacker with the ability to spoof or control an RMI server connection may b...

CVSS: 8.1, AI score: 8.2, EPSS: 0.13418
Exploits: 2, References: 4
Prion
added 2018/06/11 5:29 p.m., 18 views

Design/Logic Flaw

The Java implementations of AMF3 deserializers in Pivotal/Spring Spring-flex derive class instances from java.io.Externalizable rather than the AMF3 specification's recommendation of flash.utils.IExternalizable. A remote attacker with the ability to spoof or control an RMI server connection may b...

CVSS: 6.8, AI score: 8.7, EPSS: 0.13418
Exploits: 2, References: 4
Cvelist
added 2018/06/11 5:0 p.m., 18 views

CVE-2017-3203 Pivotal/Spring Spring-flex's Action Message Format (AMF3) Java implementation is vulnerable to insecure deserialization

The Java implementations of AMF3 deserializers in Pivotal/Spring Spring-flex derive class instances from java.io.Externalizable rather than the AMF3 specification's recommendation of flash.utils.IExternalizable. A remote attacker with the ability to spoof or control an RMI server connection may b...

AI score: 8.3, EPSS: 0.13418
Exploits: 2, References: 4
seebug.org
added 2017/04/06 12:0 a.m., 74 views

AMF3 Java implementations deserialization Vulnerability

Details reference: https://codewhitesec.blogspot.kr/2017/04/amf.html. Some Java implementations of AMF3 deserializers derive class instances from java.io.Externalizable rather than the AMF3 specification's recommendation of a flash.utils.IExternalizable. A remote attacker with the ability to...

CVSS: 7.5, AI score: 9.6, EPSS: 0.13846
Exploits: 5
CNVD
added 2017/04/06 12:0 a.m., 2 views

Pivotal Spring Flex Remote Code Execution Vulnerability

Pivotal Spring Flex is an integrated BlazeDS client for teleprocessing and messaging from Pivotal Software, USA. A remote code execution vulnerability exists in Pivotal Spring Flex. An attacker can exploit the vulnerability to execute arbitrary code in the context of an affected application,...

CVSS: 8.1, AI score: 8.4, EPSS: 0.13418
Exploits: 2, References: 1
CERT
added 2017/04/04 12:0 a.m., 511 views

Action Message Format (AMF3) Java implementations are vulnerable to insecure deserialization and XML external entities references

Overview: Several Java implementations of AMF3 are vulnerable to insecure deserialization and XML external entities references. Description: Several Java implementations of Action Message Format AMF3 are vulnerable to one or more of the following implementation errors: CWE-502: Deserialization of...

CVSS: 9.8, AI score: 9, EPSS: 0.48477
Exploits: 12, References: 7