Posted to announce@apache.org by Maxim Solodovnik <so...@apache.org> on 2018/01/11 11:21:30 UTC
CVE-2017-5878 - RED5/AMF Unmarshalling RCE
Severity: Critical
Vendor: Red5
Versions Affected: Apache OpenMeetings 3.1.3 and earlier
Description: The AMF unmarshallers in Red5 Media Server before 1.0.8
do not restrict the classes for which they perform deserialization,
which allows remote attackers to execute arbitrary code via crafted
serialized Java data.
CVE-2017-5878
The issue was fixed in 3.1.4.
All users are recommended to upgrade to the latest version of Apache
OpenMeetings.
Credit: This issue was identified by Moritz Bechler
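
The missing control named in the description is a restriction on which classes a deserializer may instantiate. The following added example, which is not Red5 or OpenMeetings code and does not reproduce the Red5 1.0.8 fix, applies that control to JDK native serialization with java.io.ObjectInputFilter (Java 9+); the class name FilteredDeserialization, the nested Message type and the filter pattern are constructed for the illustration.

```java
import java.io.*;
import java.util.Date;

// Added illustration of a class allowlist for deserialization; not project code.
public class FilteredDeserialization {
    // Hypothetical message type the application expects to receive.
    static class Message implements Serializable {
        private static final long serialVersionUID = 1L;
        final String room;
        final int users;
        Message(String room, int users) { this.room = room; this.users = users; }
        @Override public String toString() { return "Message[" + room + ", " + users + "]"; }
    }

    // Allow only the listed classes; the trailing "!*" rejects every other class.
    // maxdepth and maxrefs bound the size of the object graph. Values are constructed.
    static final ObjectInputFilter FILTER = ObjectInputFilter.Config.createFilter(
            "maxdepth=5;maxrefs=100;FilteredDeserialization$Message;java.lang.String;!*");

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        return buf.toByteArray();
    }

    static Object readRestricted(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            in.setObjectInputFilter(FILTER); // must be set before the first readObject()
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Expected type: passes the filter and is reconstructed.
        System.out.println("accepted: " + readRestricted(serialize(new Message("room-1", 3))));

        // Any type outside the allowlist is refused before it is instantiated.
        try {
            readRestricted(serialize(new Date()));
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The filter is consulted for each class descriptor in the stream, so a type nested inside an allowed object is checked as well.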