CVE-2016-2510

Exploit

EPSS 37.92%
Published 07.04.2016 20:59:05
Last modified 12.04.2025 10:46:40
Source cve@mitre.org
Teams watchlist Login
Open Login

BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler.

Affected products Warnungen 0 Metrics 3 CWE 0 References 22

Data is provided by the National Vulnerability Database (NVD)

Beanshell ≫ Beanshell Version1.0

Beanshell ≫ Beanshell Version2.0 Updatebeta1

Beanshell ≫ Beanshell Version2.0 Updatebeta4

Beanshell ≫ Beanshell Version2.0 Updatebeta5

Debian ≫ Debian Linux Version7.0

Debian ≫ Debian Linux Version8.0

Canonical ≫ Ubuntu Linux Version12.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version15.10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	37.92%	0.971

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

https://access.redhat.com/errata/RHSA-2016:1135

Third Party Advisory

https://access.redhat.com/errata/RHSA-2016:1376

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-2035.html

Third Party Advisory

https://www.oracle.com/security-alerts/cpuoct2020.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00056.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00078.html

Third Party Advisory

Mailing List

http://rhn.redhat.com/errata/RHSA-2016-0539.html

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-0540.html

Third Party Advisory

http://www.debian.org/security/2016/dsa-3504

Third Party Advisory

http://www.securityfocus.com/bid/84139

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1035440

Third Party Advisory

VDB Entry

http://www.ubuntu.com/usn/USN-2923-1

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:1545

Third Party Advisory

https://github.com/beanshell/beanshell/commit/1ccc66bb693d4e46a34a904db8eeff07808d2ced

Patch

Third Party Advisory

https://github.com/beanshell/beanshell/commit/7c68fde2d6fc65e362f20863d868c112a90a9b49

Patch

Third Party Advisory

https://github.com/beanshell/beanshell/releases/tag/2.0b6

Patch

Third Party Advisory

https://github.com/frohoff/ysoserial/pull/13

Third Party Advisory

Exploit

https://security.gentoo.org/glsa/201607-17

Third Party Advisory

https://www.rsaconference.com/writable/presentations/file_upload/asd-f03-serial-killer-silently-pwning-your-java-endpoints.pdf

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2016-2510

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-2510

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-2510

EUVD