9.8

CVE-2017-5878

The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restrict the classes for which they perform deserialization, which allows remote attackers to execute arbitrary code via crafted serialized Java data.
Data provided by the National Vulnerability Database (NVD)
Red5 Media Server Version 1.0.2 Update -
Red5 Media Server Version 1.0.2 Update milestone1
Red5 Media Server Version 1.0.3
Red5 Media Server Version 1.0.4
Red5 Media Server Version 1.0.5
Red5 Media Server Version 1.0.6
Red5 Media Server Version 1.0.7 Update -
Red5 Media Server Version 1.0.7 Update milestone1
Red5 Media Server Version 1.0.7 Update milestone2
Red5 Media Server Version 1.0.7 Update milestone3
Red5 Media Server Version 1.0.7 Update milestone4
Red5 Media Server Version 1.0.7 Update milestone5
Red5 Media Server Version 1.0.7 Update milestone6
Red5 Media Server Version 1.0.7 Update milestone7
Red5 Media Server Version 1.0.8 Update milestone1
Red5 Media Server Version 1.0.8 Update milestone10
Red5 Media Server Version 1.0.8 Update milestone11
Red5 Media Server Version 1.0.8 Update milestone12
Red5 Media Server Version 1.0.8 Update milestone13
Red5 Media Server Version 1.0.8 Update milestone2
Red5 Media Server Version 1.0.8 Update milestone3
Red5 Media Server Version 1.0.8 Update milestone4
Red5 Media Server Version 1.0.8 Update milestone5
Red5 Media Server Version 1.0.8 Update milestone6
Red5 Media Server Version 1.0.8 Update milestone7
Red5 Media Server Version 1.0.8 Update milestone8
Red5 Media Server Version 1.0.8 Update milestone9
No CISA KEV entry or CERT.AT warning was found for this CVE.
EPSS Metrics

| Type | Source | Score | Percentile |
|------|--------|-------|------------|
| EPSS | FIRST.org | 2.94% | 0.861 |

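CVSS Metrics

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|--------|------------|---------------|--------------|---------------|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd@nist.gov | 7.5 | 10 | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:P |
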
CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.