PT-2016-5172 · Oracle+3 · Java+3

Published

2016-02-19

·

Updated

2024-06-15

·

CVE-2016-2510

CVSS v3.1

8.1

High

Vector AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the vulnerable software and affected versions: BeanShell (bsh) versions prior to 2.0b6
Description: Remote attackers can execute arbitrary code via crafted serialized data when BeanShell is on the classpath of an application that deserializes untrusted input with Java serialization or XStream. The gadget is the serializable bsh.XThis$Handler proxy handler (XThis.Handler), which dispatches method calls to a BeanShell interpreter; restoring such an object from an attacker-controlled stream therefore runs attacker-supplied script during deserialization. BeanShell itself need not be used by the application: merely being present on the classpath is sufficient.
Recommendations: For versions prior to 2.0b6, update to version 2.0b6 or later, which fixes the issue. Until the update is applied, do not deserialize untrusted input with Java serialization or XStream in applications that have BeanShell on the classpath, or enforce a deny-by-default class allowlist at the deserialization boundary (for example a JDK ObjectInputFilter, or XStream's type permissions) so that bsh.* classes can never be instantiated from a stream.
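The allowlist mitigation mentioned above, as an added example that is not part of the advisory or of the BeanShell project: a deny-by-default ObjectInputFilter (JEP 290, available in JDK 9+ as java.io.ObjectInputFilter) is attached to an ObjectInputStream so that only the application's own type is accepted and anything else, including a bsh.XThis$Handler gadget, is rejected before it is instantiated. SafeDto and Unlisted are hypothetical stand-in classes constructed for the demonstration; Unlisted plays the role of a class that is not on the allowlist.

```java
import java.io.*;

// Hypothetical application type: the only class we expect in the stream.
class SafeDto implements Serializable {
    private static final long serialVersionUID = 1L;
    final String name;
    SafeDto(String name) { this.name = name; }
}

// Hypothetical stand-in for an unexpected class (a gadget such as
// bsh.XThis$Handler would be treated the same way by the filter).
class Unlisted implements Serializable {
    private static final long serialVersionUID = 1L;
}

public class FilteredDeserialization {

    // Deny-by-default allowlist: our DTO plus java.lang core types; the
    // trailing "!*" rejects every other class. "!bsh.**" is already covered
    // by "!*" but states the intent for this CVE explicitly. maxdepth bounds
    // nested object graphs, a cheap defence against deep-recursion DoS.
    static final ObjectInputFilter FILTER = ObjectInputFilter.Config.createFilter(
            "maxdepth=8;!bsh.**;SafeDto;java.lang.*;!*");

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // The filter must be installed before the first readObject() call;
    // the JDK consults it for every class descriptor in the stream.
    static Object deserialize(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            ois.setObjectInputFilter(FILTER);
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Allowed: the expected type round-trips normally.
        SafeDto ok = (SafeDto) deserialize(serialize(new SafeDto("alice")));
        System.out.println("allowed: " + ok.name);

        // Rejected: a class that is not on the allowlist never gets
        // instantiated; the JDK throws InvalidClassException
        // ("filter status: REJECTED") instead.
        try {
            deserialize(serialize(new Unlisted()));
            System.out.println("BUG: unlisted class was deserialized");
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Compile and run with `javac FilteredDeserialization.java && java FilteredDeserialization`. The same filter pattern can be applied process-wide without code changes via `-Djdk.serialFilter=...`. For XStream the equivalent is its security framework: clear the default permissions with `addPermission(NoTypePermission.NONE)` and then re-enable only the expected types with `allowTypes(...)` or `allowTypesByWildcard(...)`.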

Exploit

Fix

RCE


Weakness Enumeration

Related identifiers

CVE-2016-2510
DLA-443-1
DSA-3504-1
GHSA-GXG6-RC6C-V673
OPENSUSE-SU-2016_0788-1
OPENSUSE-SU-2016_0833-1
OPENSUSE-SU-2024:10420-1
SUSE-SU-2016:0699-1
SUSE-SU-2016:0700-1
SUSE-SU-2016_0699-1
SUSE-SU-2016_0700-1
USN-2923-1

Affected products

Java
Suse
Ubuntu
Xstream