VDB
CVE-2017-5878
CVE-2017-5878
PUBLISHED
The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized Java data.
EPSS 2.94% · 86.7th percentile
Risk Scores
EPSS Score
2.94%
86.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | red5 | 0, 1.0~svn4374-4, 1.0~svn4374-4.1 |
Exploit Intelligence
Timeline
- Jun 8, 2017 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2017-5878 third-party-advisory
- http://www.openwall.com/lists/oss-security/2017/05/22/2 third-party-advisory
- https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2017-5878 third-party-advisory