CVE-2016-2510

BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler.
References
Link Resource
https://www.rsaconference.com/writable/presentations/file_upload/asd-f03-serial-killer-silently-pwning-your-java-endpoints.pdf Exploit Third Party Advisory
https://github.com/beanshell/beanshell/commit/1ccc66bb693d4e46a34a904db8eeff07808d2ced Patch Third Party Advisory
https://github.com/frohoff/ysoserial/pull/13 Exploit Third Party Advisory
https://github.com/beanshell/beanshell/releases/tag/2.0b6 Patch Third Party Advisory
https://github.com/beanshell/beanshell/commit/7c68fde2d6fc65e362f20863d868c112a90a9b49 Patch Third Party Advisory
http://www.debian.org/security/2016/dsa-3504 Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0540.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0539.html Third Party Advisory
https://access.redhat.com/errata/RHSA-2016:1135 Third Party Advisory
http://www.securityfocus.com/bid/84139 Third Party Advisory VDB Entry
https://security.gentoo.org/glsa/201607-17 Third Party Advisory
http://www.securitytracker.com/id/1035440 Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-2923-1 Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00056.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00078.html Mailing List Third Party Advisory
https://access.redhat.com/errata/RHSA-2016:1376 Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2035.html Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1545 Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:beanshell:beanshell:1.0:*:*:*:*:*:*:*
cpe:2.3:a:beanshell:beanshell:2.0:beta4:*:*:*:*:*:*
cpe:2.3:a:beanshell:beanshell:2.0:beta5:*:*:*:*:*:*
cpe:2.3:a:beanshell:beanshell:2.0:beta1:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*

Information

Published : 2016-04-07 13:59

Updated : 2020-10-20 15:15


NVD link : CVE-2016-2510

Mitre link : CVE-2016-2510


JSON object : View

CWE
CWE-19

Data Processing Errors

Advertisement

dedicated server usa

Products Affected

debian

  • debian_linux

canonical

  • ubuntu_linux

beanshell

  • beanshell