{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-05-22T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized Java data."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-06-08T15:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true"}, {"name": "[oss-security] 20170522 Code Execution through a variety Java (Un-)Marshallers", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2017/05/22/2"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-5878", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized Java data."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true", "refsource": "MISC", "url": "https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true"}, {"name": "[oss-security] 20170522 Code Execution through a variety Java (Un-)Marshallers", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2017/05/22/2"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T15:11:49.004Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true"}, {"name": "[oss-security] 20170522 Code Execution through a variety Java (Un-)Marshallers", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2017/05/22/2"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-5878", "datePublished": "2017-06-08T16:00:00.000Z", "dateReserved": "2017-02-03T00:00:00.000Z", "dateUpdated": "2024-08-05T15:11:49.004Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:red5:media_server:1.0.2:-:*:*:*:*:*:*", "matchCriteriaId": "93EA9637-BEEE-4BFF-AF94-98F1C600B8C9", "vulnerable": true}, {"criteria": "cpe:2.3:o:red5:media_server:1.0.2:milestone1:*:*:*:*:*:*", "matchCriteriaId": "5714ECA1-B358-417F-8D88-C559535DBFA7", "vulnerable": true}, {"criteria": "cpe:2.3:o:red5:media_server:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "45060D79-5F50-4C97-9913-A5EBBFE3EE01", "vulnerable": true}, {"criteria": "cpe:2.3:o:red5:media_server:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "DF06FE5B-803A-4448-B47A-89BA5E4C413E", "vulnerable": true}, {"criteria": "cpe:2.3:o:red5:media_server:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "76FCA077-ADAC-4356-83C6-2ECFA604FB93", "vulnerable": true}, {"criteria": "cpe:2.3:o:red5:media_server:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "732B294D-DD73-4325-8F0B-C4A3315F5034", "vulnerable": true}, {"criteria": "cpe:2.3:o:red5:media_server:1.0.7:-:*:*:*:*:*:*", "matchCriteriaId": "71B5B0AC-0AE8-4B0C-8773-53CFE5A65C85", "vulnerable": true}, {"criteria": "cpe:2.3:o:red5:media_server:1.0.7:milestone1:*:*:*:*:*:*", "matchCriteriaId": "D9FE1163-39C6-48F6-A7DE-9FE53FC4663D", "vulnerable": true}, {"criteria": "cpe:2.3:o:red5:media_server:1.0.7:milestone2:*:*:*:*:*:*", "matchCriteriaId": "352F4573-E09A-4049-9148-7A13C8EC8DC6", "vulnerable": true}, {"criteria": "cpe:2.3:o:red5:media_server:1.0.7:milestone3:*:*:*:*:*:*", "matchCriteriaId": "7B5777BF-A550-4986-B2CA-68231DB49E52", "vulnerable": true}, {"criteria": "cpe:2.3:o:red5:media_server:1.0.7:milestone4:*:*:*:*:*:*", "matchCriteriaId": "027563CA-F625-41E3-829F-BE3FAD9CF3F8", "vulnerable": true}, {"criteria": "cpe:2.3:o:red5:media_server:1.0.7:milestone5:*:*:*:*:*:*", "matchCriteriaId": "D8FBBC5B-9AF0-4476-9B73-7DD5D3A9DC11", "vulnerable": true}, {"criteria": "cpe:2.3:o:red5:media_server:1.0.7:milestone6:*:*:*:*:*:*", "matchCriteriaId": "9EA0D336-802C-4E15-AA3D-54DF0F7910F1", "vulnerable": true}, {"criteria": "cpe:2.3:o:red5:media_server:1.0.7:milestone7:*:*:*:*:*:*", "matchCriteriaId": "07DE3149-977A-42B5-808E-BFF1C217DC7D", "vulnerable": true}, {"criteria": "cpe:2.3:o:red5:media_server:1.0.8:milestone1:*:*:*:*:*:*", "matchCriteriaId": "C671E0E0-393F-4A07-9639-4E45374AC1C2", "vulnerable": true}, {"criteria": "cpe:2.3:o:red5:media_server:1.0.8:milestone10:*:*:*:*:*:*", "matchCriteriaId": "247E2E41-9236-4155-9A3F-36D1F7D6946F", "vulnerable": true}, {"criteria": "cpe:2.3:o:red5:media_server:1.0.8:milestone11:*:*:*:*:*:*", "matchCriteriaId": "697905ED-3667-4645-A947-23AE3180A668", "vulnerable": true}, {"criteria": "cpe:2.3:o:red5:media_server:1.0.8:milestone12:*:*:*:*:*:*", "matchCriteriaId": "FC65784E-54E2-4ACA-BD41-F3F91EC54BAB", "vulnerable": true}, {"criteria": "cpe:2.3:o:red5:media_server:1.0.8:milestone13:*:*:*:*:*:*", "matchCriteriaId": "2F653DCF-54C2-4909-BC73-60873DE49F51", "vulnerable": true}, {"criteria": "cpe:2.3:o:red5:media_server:1.0.8:milestone2:*:*:*:*:*:*", "matchCriteriaId": "FDC7EAFC-508C-4A0E-855D-AC6630F4C2C5", "vulnerable": true}, {"criteria": "cpe:2.3:o:red5:media_server:1.0.8:milestone3:*:*:*:*:*:*", "matchCriteriaId": "0FBA3E03-5781-492B-A70C-F54E2AB36FF7", "vulnerable": true}, {"criteria": "cpe:2.3:o:red5:media_server:1.0.8:milestone4:*:*:*:*:*:*", "matchCriteriaId": "419ED3FB-0E87-4A54-89E5-236B087FA92D", "vulnerable": true}, {"criteria": "cpe:2.3:o:red5:media_server:1.0.8:milestone5:*:*:*:*:*:*", "matchCriteriaId": "3A5B51B2-7662-4EDF-B09E-A69A508615F5", "vulnerable": true}, {"criteria": "cpe:2.3:o:red5:media_server:1.0.8:milestone6:*:*:*:*:*:*", "matchCriteriaId": "770AF897-CADC-4445-8FFE-534EC45FC678", "vulnerable": true}, {"criteria": "cpe:2.3:o:red5:media_server:1.0.8:milestone7:*:*:*:*:*:*", "matchCriteriaId": "81A8BD3A-499A-4CE6-B68E-E4740AE7224B", "vulnerable": true}, {"criteria": "cpe:2.3:o:red5:media_server:1.0.8:milestone8:*:*:*:*:*:*", "matchCriteriaId": "A7C63DA6-AF81-482C-9C7E-36B27FD7B335", "vulnerable": true}, {"criteria": "cpe:2.3:o:red5:media_server:1.0.8:milestone9:*:*:*:*:*:*", "matchCriteriaId": "BC1682A9-7C56-4BFF-BE18-62FA25ED8AAB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized Java data."}, {"lang": "es", "value": "Los unmarshallers AMF en Red5 Media Server en versiones anteriores a la 1.0.8 no restringen las clases para las que realizan deserializaci\u00f3n, lo que permite que atacantes remotos ejecuten c\u00f3digo arbitrario mediante datos Java serializados manipulados."}], "id": "CVE-2017-5878", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-06-08T16:29:00.433", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2017/05/22/2"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2017/05/22/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}