CVE-2016-8744 - Vulnerability Details

Vendors	Products
Apache	Brooklyn

Link	Providers
https://brooklyn.apache.org/community/security/CVE-2016-8744.html
https://lists.apache.org/thread.html/3f4d09c1c1a3cdfd1da0a05c8362769b917c078eed5b6c2f8e37a761%40%3Cdev.brooklyn.apache.org%3E

{"containers": {"cna": {"affected": [{"product": "Apache Brooklyn", "vendor": "Apache Software Foundation", "versions": [{"status": "affected", "version": "0.9.0 and all prior versions"}]}], "datePublic": "2017-02-10T00:00:00", "descriptions": [{"lang": "en", "value": "Apache Brooklyn uses the SnakeYAML library for parsing YAML inputs. SnakeYAML allows the use of YAML tags to indicate that SnakeYAML should unmarshal data to a Java type. In the default configuration in Brooklyn before 0.10.0, SnakeYAML will allow unmarshalling to any Java type available on the classpath. This could provide an authenticated user with a means to cause the JVM running Brooklyn to load and run Java code without detection by Brooklyn. Such code would have the privileges of the Java process running Brooklyn, including the ability to open files and network connections, and execute system commands. There is known to be a proof-of-concept exploit using this vulnerability."}], "problemTypes": [{"descriptions": [{"description": "Remote code execution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-13T15:57:01", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://brooklyn.apache.org/community/security/CVE-2016-8744.html"}, {"name": "[dev] 20170210 [SECURITY] CVE-2016-8744: Apache Brooklyn, SnakeYAML configuration potentially allows remote code execution", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/3f4d09c1c1a3cdfd1da0a05c8362769b917c078eed5b6c2f8e37a761%40%3Cdev.brooklyn.apache.org%3E"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "DATE_PUBLIC": "2017-02-10T00:00:00", "ID": "CVE-2016-8744", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache Brooklyn", "version": {"version_data": [{"version_value": "0.9.0 and all prior versions"}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Apache Brooklyn uses the SnakeYAML library for parsing YAML inputs. SnakeYAML allows the use of YAML tags to indicate that SnakeYAML should unmarshal data to a Java type. In the default configuration in Brooklyn before 0.10.0, SnakeYAML will allow unmarshalling to any Java type available on the classpath. This could provide an authenticated user with a means to cause the JVM running Brooklyn to load and run Java code without detection by Brooklyn. Such code would have the privileges of the Java process running Brooklyn, including the ability to open files and network connections, and execute system commands. There is known to be a proof-of-concept exploit using this vulnerability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Remote code execution"}]}]}, "references": {"reference_data": [{"name": "https://brooklyn.apache.org/community/security/CVE-2016-8744.html", "refsource": "CONFIRM", "url": "https://brooklyn.apache.org/community/security/CVE-2016-8744.html"}, {"name": "[dev] 20170210 [SECURITY] CVE-2016-8744: Apache Brooklyn, SnakeYAML configuration potentially allows remote code execution", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/3f4d09c1c1a3cdfd1da0a05c8362769b917c078eed5b6c2f8e37a761@%3Cdev.brooklyn.apache.org%3E"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T02:34:59.620Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://brooklyn.apache.org/community/security/CVE-2016-8744.html"}, {"name": "[dev] 20170210 [SECURITY] CVE-2016-8744: Apache Brooklyn, SnakeYAML configuration potentially allows remote code execution", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/3f4d09c1c1a3cdfd1da0a05c8362769b917c078eed5b6c2f8e37a761%40%3Cdev.brooklyn.apache.org%3E"}]}]}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2016-8744", "datePublished": "2017-09-13T16:00:00Z", "dateReserved": "2016-10-18T00:00:00", "dateUpdated": "2024-09-16T18:09:23.475Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:brooklyn:*:*:*:*:*:*:*:*", "matchCriteriaId": "37F4D23C-1126-43D6-9C86-706C0B6D38D1", "versionEndIncluding": "0.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Apache Brooklyn uses the SnakeYAML library for parsing YAML inputs. SnakeYAML allows the use of YAML tags to indicate that SnakeYAML should unmarshal data to a Java type. In the default configuration in Brooklyn before 0.10.0, SnakeYAML will allow unmarshalling to any Java type available on the classpath. This could provide an authenticated user with a means to cause the JVM running Brooklyn to load and run Java code without detection by Brooklyn. Such code would have the privileges of the Java process running Brooklyn, including the ability to open files and network connections, and execute system commands. There is known to be a proof-of-concept exploit using this vulnerability."}, {"lang": "es", "value": "Apache Brooklyn utiliza la librer\u00eda SnakeYAML para analizar sint\u00e1cticamente los valores de entrada en YAML. SnakeYAML permite el uso de etiquetas YAML para indicar que esta librer\u00eda deber\u00eda deserializar datos para tipo Java. En la configuraci\u00f3n por defecto en Brooklyn en versiones anteriores a la 0.10.0, SnakeYAML permite deserializar cualquier tipo de Java disponible en el classpath. Esto podr\u00eda proporcionar a un usuario autenticado los medios para hacer que la m\u00e1quina virtual Java que est\u00e1 ejecutando Brooklyn cargue y ejecute c\u00f3digo Java sin que Brooklyn lo detecte. Ese c\u00f3digo tendr\u00eda los privilegios del proceso Java que ejecuta Brooklyn, incluida la capacidad de abrir archivos y conexiones de red y ejecutar comandos del sistema. Se sabe que existe un exploit a modo de prueba de concepto que utiliza esta vulnerabilidad."}], "id": "CVE-2016-8744", "lastModified": "2024-11-21T02:59:58.750", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-09-13T16:29:00.400", "references": [{"source": "security@apache.org", "tags": ["Exploit", "Vendor Advisory"], "url": "https://brooklyn.apache.org/community/security/CVE-2016-8744.html"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/3f4d09c1c1a3cdfd1da0a05c8362769b917c078eed5b6c2f8e37a761%40%3Cdev.brooklyn.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "https://brooklyn.apache.org/community/security/CVE-2016-8744.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/3f4d09c1c1a3cdfd1da0a05c8362769b917c078eed5b6c2f8e37a761%40%3Cdev.brooklyn.apache.org%3E"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "nvd@nist.gov", "type": "Primary"}]}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object