Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2013-4221

The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources using the Java XMLDecoder, which allows remote attackers to execute arbitrary Java code via crafted XML.

See the

CVE page on Mitre.org for more details.

References

MISC: http://blog.diniscruz....
MISC: http://rhn.redhat.com/...
MISC: http://rhn.redhat.com/...
MISC: http://restlet.org/lea...
MISC: https://bugzilla.redha...
MISC: https://github.com/res...

Launchpad.net

CVE 2013-4221

Related bugs

References