www-announce mailing list archives

From Maxim Solodovnik <solo...@apache.org>
Subject CVE-2017-5878 - RED5/AMF Unmarshalling RCE
Date Thu, 11 Jan 2018 11:21:30 GMT
Severity: Critical

Vendor: Red5

Versions Affected: Apache OpenMeetings 3.1.3 and earlier

Description: The AMF unmarshallers in Red5 Media Server before 1.0.8
do not restrict the classes for which they perform deserialization,
which allows remote attackers to execute arbitrary code via crafted
serialized Java data.

The issue was fixed in 3.1.4.
All users are recommended to upgrade to the latest version of Apache

Credit: This issue was identified by Moritz Bechler
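
The missing control named in the description, a restriction on which classes an unmarshaller may instantiate, can be sketched as a deny-by-default allowlist. This is an added example, not part of the original advisory and not the Red5 or OpenMeetings fix; the class `AllowlistedUnmarshal`, the `ChatMessage` type and the sample inputs are hypothetical.

```java
import java.util.Map;
import java.util.Set;

/** Deny-by-default type resolution for an unmarshaller that reads a class name from untrusted input. */
public class AllowlistedUnmarshal {

    // Hypothetical data type the application expects to receive.
    public static class ChatMessage {
        public String user;
        public String text;
    }

    // Exact class names only: no package prefixes or wildcards, so nothing else on the classpath is reachable.
    private static final Set<String> ALLOWED = Set.of(ChatMessage.class.getName());

    /** Returns the class for a wire-supplied name, or throws before any class is loaded or instantiated. */
    static Class<?> resolve(String wireName) throws ClassNotFoundException {
        if (wireName == null || !ALLOWED.contains(wireName)) {
            throw new SecurityException("type not allowed for deserialization: " + wireName);
        }
        // initialize=false: resolving the name does not run static initializers as a side effect.
        return Class.forName(wireName, false, AllowlistedUnmarshal.class.getClassLoader());
    }

    /** Builds an object from an already-decoded (type name, properties) pair. */
    static Object unmarshal(String wireName, Map<String, Object> props) throws ReflectiveOperationException {
        Class<?> type = resolve(wireName);              // allowlist check happens first
        Object obj = type.getDeclaredConstructor().newInstance();
        for (Map.Entry<String, Object> e : props.entrySet()) {
            type.getField(e.getKey()).set(obj, e.getValue());   // public fields only
        }
        return obj;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs.
        ChatMessage ok = (ChatMessage) unmarshal(ChatMessage.class.getName(),
                Map.of("user", "alice", "text", "hi"));
        System.out.println("accepted: " + ok.user + ": " + ok.text);
        try {
            unmarshal("com.example.UnexpectedType", Map.of("anything", "value"));
        } catch (SecurityException ex) {
            System.out.println("rejected: " + ex.getMessage());
        }
    }
}
```

The check runs before `Class.forName`, so a type name that is not on the list is rejected without the class being loaded, constructed or populated.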
