The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized Java data.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-06-08T16:00:00

Updated: 2024-08-05T15:11:49.004Z

Reserved: 2017-02-03T00:00:00

Link: CVE-2017-5878

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2017-06-08T16:29:00.433

Modified: 2024-11-21T03:28:35.763

Link: CVE-2017-5878

cve-icon Redhat

No data.