CVE-2013-4221 - Configuration vulnerability in Restlet

CVSS 7.5 - HIGH (CVSS v2, AV:N/AC:L/Au:N/C:P/I:P/A:P)
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Tags: network, low complexity, restlet

Summary

The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources using the Java XMLDecoder (java.beans.XMLDecoder), which allows remote attackers to execute arbitrary Java code via crafted XML. XMLDecoder is not a data-only parser: the XML it reads is a sequence of instructions to instantiate classes and invoke constructors, static methods and property setters, and it places no restriction on which classes a document may name, so a request body that names a class such as java.lang.ProcessBuilder runs attacker-chosen code while the object is being "read". Because the decoding happens when the representation is parsed, no application-level check on the resulting object can run early enough to help. Restlet 2.1.4 changes the default so that the XMLDecoder-backed representation is not accepted unless an application enables it; deployments that cannot upgrade should stop accepting that variant on any endpoint reachable by untrusted clients.

Common Weakness Enumeration (CWE)

CWE-16: Configuration
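The following Java program is an added example, not code from this advisory or from the Restlet project, that shows why handing untrusted input to java.beans.XMLDecoder amounts to remote code execution, and the shape of a hardened handler that parses a fixed data-only schema instead. The Greeting type, both request bodies, the media-type strings (the object-XML media type is assumed to be the one Restlet uses for its XMLDecoder-backed variant) and every method name are constructed for this example. The crafted body calls a harmless static method, System.setProperty, so it can be run safely; XMLDecoder applies exactly the same mechanism to java.lang.ProcessBuilder, which is what makes the real bug arbitrary code execution.

```java
import java.beans.XMLDecoder;
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

public class XmlDecoderDemo {

    /** The only type the hypothetical service is meant to accept. */
    public static class Greeting {
        private String name;
        public String getName() { return name; }
        public void setName(String name) { this.name = name; }
    }

    // Media-type strings used by the hypothetical handler (assumed names).
    static final String OBJECT_XML = "application/x-java-serialized-object+xml";
    static final String PLAIN_XML = "application/xml";

    // Constructed benign body: the shape java.beans.XMLEncoder emits for a Greeting.
    static final String BENIGN_BODY =
        "<?xml version='1.0' encoding='UTF-8'?>"
      + "<java version='1.8' class='java.beans.XMLDecoder'>"
      + "<object class='XmlDecoderDemo$Greeting'>"
      + "<void property='name'><string>alice</string></void>"
      + "</object></java>";

    // Constructed crafted body: same grammar, but it names an unrelated class and a
    // static method. XMLDecoder invokes it as part of "reading" the object. Naming
    // java.lang.ProcessBuilder and a call to start() instead is command execution.
    static final String CRAFTED_BODY =
        "<?xml version='1.0' encoding='UTF-8'?>"
      + "<java version='1.8' class='java.beans.XMLDecoder'>"
      + "<object class='java.lang.System' method='setProperty'>"
      + "<string>demo.xmldecoder.ran</string><string>yes</string>"
      + "</object></java>";

    /** Vulnerable pattern (what the pre-2.1.4 default amounts to): decode whatever arrived. */
    static Object vulnerableDecode(byte[] body) {
        try (XMLDecoder decoder = new XMLDecoder(new ByteArrayInputStream(body))) {
            return decoder.readObject();   // executes every element in the document
        }
    }

    /**
     * Hardened pattern: refuse the object-XML variant outright and map a fixed,
     * data-only schema (<greeting name="..."/>) onto the expected type by hand,
     * with DOCTYPE and entity expansion disabled so the XML parser is not a target either.
     */
    static Greeting hardenedDecode(String mediaType, byte[] body) throws Exception {
        if (!PLAIN_XML.equals(mediaType)) {
            throw new IllegalArgumentException("unsupported media type: " + mediaType);
        }
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        factory.setXIncludeAware(false);
        factory.setExpandEntityReferences(false);
        Document doc = factory.newDocumentBuilder().parse(new ByteArrayInputStream(body));
        Element root = doc.getDocumentElement();
        if (!"greeting".equals(root.getTagName()) || !root.hasAttribute("name")) {
            throw new IllegalArgumentException("body does not match the greeting schema");
        }
        Greeting g = new Greeting();
        g.setName(root.getAttribute("name"));   // a plain string; nothing is instantiated from it
        return g;
    }

    public static void main(String[] args) throws Exception {
        byte[] benign = BENIGN_BODY.getBytes(StandardCharsets.UTF_8);
        byte[] crafted = CRAFTED_BODY.getBytes(StandardCharsets.UTF_8);

        Greeting g = (Greeting) vulnerableDecode(benign);
        System.out.println("vulnerable decode of benign body -> name=" + g.getName());

        Object o = vulnerableDecode(crafted);   // returns setProperty's result, not a Greeting
        System.out.println("vulnerable decode of crafted body -> returned " + o
            + ", side effect demo.xmldecoder.ran=" + System.getProperty("demo.xmldecoder.ran"));

        byte[] plain = "<greeting name='alice'/>".getBytes(StandardCharsets.UTF_8);
        System.out.println("hardened decode -> name=" + hardenedDecode(PLAIN_XML, plain).getName());
        try {
            hardenedDecode(OBJECT_XML, crafted);
        } catch (IllegalArgumentException e) {
            System.out.println("hardened decode rejected crafted body: " + e.getMessage());
        }
    }
}
```

Compile with javac XmlDecoderDemo.java and run with java XmlDecoderDemo. The crafted body never produces a Greeting, yet the system property is set before the caller gets a chance to type-check the result, which is why a post-hoc instanceof check is not a mitigation. The hardened handler treats the incoming XML as data against one expected schema; the actual remedy for Restlet users is to move to 2.1.4 or later, where the XMLDecoder-backed variant is off by default, or, for the Red Hat products covered by the advisories listed on this page, to apply those updates.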

Red Hat advisories
  • RHSA-2013:1410
  • RHSA-2013:1862