Metric | Value |
---|---|
CVSS3 | 9.8 High |
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
CVSS3 Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CVSS2 | 7.5 High |
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
CVSS2 Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
EPSS | 0.643 Medium |
EPSS Percentile | 97.8% |

XStream API versions up to 1.4.6 and version 1.4.10, if the security
framework has not been initialized, may allow a remote attacker to run
arbitrary shell commands by manipulating the processed input stream when
unmarshaling XML or any other supported format, e.g. JSON.

Author | Note |
---|---|
mdeslaur | starting with 1.4.7, it is now possible to define permissions for types. This requires applications to use permissions. |

OS | Release | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | libxstream-java | < 1.4.7-1 | UNKNOWN |
ubuntu | 18.10 | noarch | libxstream-java | < 1.4.7-1 | UNKNOWN |
ubuntu | 14.04 | noarch | libxstream-java | < 1.4.7-1 | UNKNOWN |
ubuntu | 16.04 | noarch | libxstream-java | < 1.4.7-1 | UNKNOWN |
blog.diniscruz.com/2013/12/xstream-remote-code-execution-exploit.html
markmail.org/message/kfqoqdfj5fnup5co?q=list:org.codehaus.xstream.dev&page=3
xstream.codehaus.org/security.html
fisheye.codehaus.org/changelog/xstream?cs=2210
launchpad.net/bugs/cve/CVE-2013-7285
nvd.nist.gov/vuln/detail/CVE-2013-7285
security-tracker.debian.org/tracker/CVE-2013-7285
www.cve.org/CVERecord?id=CVE-2013-7285