8.1

CVE-2016-2510

Exploit
BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
BeanshellBeanshell Version1.0
BeanshellBeanshell Version2.0 Updatebeta1
BeanshellBeanshell Version2.0 Updatebeta4
BeanshellBeanshell Version2.0 Updatebeta5
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
CanonicalUbuntu Linux Version12.04 SwEditionlts
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version15.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 70.43% 0.993
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.1 2.2 5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://access.redhat.com/errata/RHSA-2016:1135
Third Party Advisory
https://access.redhat.com/errata/RHSA-2016:1376
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2035.html
Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00056.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00078.html
Third Party Advisory
Mailing List
http://rhn.redhat.com/errata/RHSA-2016-0539.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0540.html
Third Party Advisory
http://www.debian.org/security/2016/dsa-3504
Third Party Advisory
http://www.securityfocus.com/bid/84139
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1035440
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-2923-1
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1545
Third Party Advisory
https://github.com/beanshell/beanshell/commit/1ccc66bb693d4e46a34a904db8eeff07808d2ced
Patch
Third Party Advisory
https://github.com/beanshell/beanshell/commit/7c68fde2d6fc65e362f20863d868c112a90a9b49
Patch
Third Party Advisory
https://github.com/beanshell/beanshell/releases/tag/2.0b6
Patch
Third Party Advisory
https://github.com/frohoff/ysoserial/pull/13
Third Party Advisory
Exploit
https://security.gentoo.org/glsa/201607-17
Third Party Advisory
https://www.rsaconference.com/writable/presentations/file_upload/asd-f03-serial-killer-silently-pwning-your-java-endpoints.pdf
Third Party Advisory
Exploit