Showing 1 - 3 of 3

CVE-2017-7957

Status Candidate

Overview

XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML("<void/>") call.

Related Files

Red Hat Security Advisory 2017-2889-01: Posted Oct 12, 2017; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2017-2889-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This release of Red Hat JBoss BPM Suite 6.4.6 serves as a replacement for Red Hat JBoss BPM Suite 6.4.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Multiple security issues have been addressed.; tags | advisory; systems | linux, redhat; advisories | CVE-2017-5645, CVE-2017-7957; SHA-256 | c7939695f10427358e0414e6351cb34199efeae8c63812b03e4d3398c8445f7e; Download | Favorite | View

Red Hat Security Advisory 2017-2888-01: Posted Oct 12, 2017; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2017-2888-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.4.6 serves as a replacement for Red Hat JBoss BRMS 6.4.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application.; tags | advisory, remote, arbitrary, udp, tcp; systems | linux, redhat; advisories | CVE-2017-5645, CVE-2017-7957; SHA-256 | 3868ecc1e90ce4272d7616c38753626b0c309d2d00f48fc2957ac96090c42f3b; Download | Favorite | View

Red Hat Security Advisory 2017-1832-01: Posted Aug 10, 2017; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2017-1832-01 - Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications. This patch is an update to Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3. It includes bug fixes and enhancements, which are documented in the readme.txt file included with the patch files. Multiple security issues have been addressed.; tags | advisory; systems | linux, redhat; advisories | CVE-2015-6644, CVE-2016-8749, CVE-2016-9879, CVE-2017-2589, CVE-2017-2594, CVE-2017-3156, CVE-2017-5643, CVE-2017-5653, CVE-2017-5656, CVE-2017-5929, CVE-2017-7957; SHA-256 | db404937bf2d117f42d43a4031591a656b71c1b768a92a1406a510b3ac573aef; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 163 files
Ubuntu 101 files
indoushka 64 files
Debian 24 files
nu11secur1ty 19 files
Apple 13 files
CraCkEr 8 files
Google Security Research 7 files
Gentoo 7 files
LiquidWorm 4 files

File Archives

Systems

AIX (428)
Apple (2,016)
BSD (374)
CentOS (57)
Cisco (1,925)
Debian (6,844)
Fedora (1,692)
FreeBSD (1,245)
Gentoo (4,329)
HPUX (879)
iOS (355)
iPhone (108)
IRIX (220)
Juniper (68)
Linux (46,815)
Mac OS X (687)
Mandriva (3,105)
NetBSD (256)
OpenBSD (485)
RedHat (13,916)
Slackware (941)
Solaris (1,610)
SUSE (1,444)
Ubuntu (8,940)
UNIX (9,317)
UnixWare (186)
Windows (6,588)
Other

CVE-2017-7957

Overview

Related Files

File Archive:

September 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems