PT-2017-16730 · Red5 · Red5 Media Server

Moritz Bechler · Published 2017-06-08 · Updated 2020-08-05 · CVE-2017-5878

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Red5 Media Server versions prior to 1.0.8

Description: The AMF unmarshallers do not restrict the classes for which deserialization is performed, which allows remote attackers to execute arbitrary code via crafted serialized Java data.

Recommendations: For versions prior to 1.0.8, update to version 1.0.8 or later to resolve the issue.

Fix

Deserialization of Untrusted Data


Weakness Enumeration

Related Identifiers

CVE-2017-5878

Affected Products

Red5 Media Server