CVE-2013-4221

The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources using the Java XMLDecoder, which allows remote attackers to execute arbitrary Java code via crafted XML.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:restlet:restlet:2.1:milestone5:*:*:*:*:*:*
cpe:2.3:a:restlet:restlet:2.1:milestone4:*:*:*:*:*:*
cpe:2.3:a:restlet:restlet:2.1:milestone3:*:*:*:*:*:*
cpe:2.3:a:restlet:restlet:2.1:milestone2:*:*:*:*:*:*
cpe:2.3:a:restlet:restlet:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:restlet:restlet:2.1:rc6:*:*:*:*:*:*
cpe:2.3:a:restlet:restlet:2.1:rc5:*:*:*:*:*:*
cpe:2.3:a:restlet:restlet:2.1:rc4:*:*:*:*:*:*
cpe:2.3:a:restlet:restlet:*:*:*:*:*:*:*:*
cpe:2.3:a:restlet:restlet:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:restlet:restlet:2.1:rc3:*:*:*:*:*:*
cpe:2.3:a:restlet:restlet:2.1:milestone6:*:*:*:*:*:*
cpe:2.3:a:restlet:restlet:2.1:milestone1:*:*:*:*:*:*
cpe:2.3:a:restlet:restlet:2.1:rc2:*:*:*:*:*:*
cpe:2.3:a:restlet:restlet:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:restlet:restlet:2.1:rc1:*:*:*:*:*:*

Information

Published : 2013-10-09 17:55

Updated : 2016-12-07 10:13


NVD link : CVE-2013-4221

Mitre link : CVE-2013-4221


JSON object : View

CWE
CWE-16

Configuration

CWE-91

XML Injection (aka Blind XPath Injection)

Advertisement

dedicated server usa

Products Affected

restlet

  • restlet