Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
Previous versions of Apache Flex BlazeDS (4.7.2 and earlier) did not restrict which types were allowed for AMF(X) object deserialization by default. During deserialization, code is executed that has undesired side effects for several known types. Other, unknown types may also exhibit such behaviors. One vector in the Java standard library exists that allows an attacker to trigger possibly further exploitable Java deserialization of untrusted data. Other known vectors in third-party libraries can be used to trigger remote code execution.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apache Flex BlazeDS Security Vulnerability
Vulnerability Description
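Apache Flex BlazeDS is a server-based Java remoting and web messaging tool from the Apache Software Foundation (USA). It lets developers connect to back-end distributed data and push data in real time. A remote code execution vulnerability exists in Apache Flex BlazeDS 4.7.2 and earlier. A remote attacker can exploit this vulnerability by sending a specially crafted AMF3 message to execute arbitrary code in the context of the affected application.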
CVSS Information
N/A
Vulnerability Type
N/A