CVE-2016-0750

NONE EPSS 82.0%
Published Sep 11, 2018 · Modified Jun 17, 2026

Description

The Hot Rod Java client in Infinispan before 9.1.0.Final automatically deserializes byte-array message contents in certain events. A malicious user could exploit this flaw by injecting a specially crafted serialized object to attain remote code execution or conduct other attacks.

Threat Intelligence

EPSS Exploit Probability
82.0% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 2

CWE-138
CWE-502 Deserialization of Untrusted Data (Validation)

Affected Products 1

Vendor      Product     Version   Range
infinispan  infinispan  *         <9.1.0

References 6

  • securityfocus.com http://www.securityfocus.com/bid/101910
    Third Party Advisory, VDB Entry
  • access.redhat.com https://access.redhat.com/errata/RHSA-2017:3244
    Vendor Advisory
  • access.redhat.com https://access.redhat.com/errata/RHSA-2018:0501
    Vendor Advisory
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-0750
    Issue Tracking, Vendor Advisory
  • github.com https://github.com/infinispan/infinispan/pull/5116
    Patch, Vendor Advisory
  • issues.jboss.org https://issues.jboss.org/browse/ISPN-7781
    Issue Tracking, Third Party Advisory

Remediation

  • github.com https://github.com/infinispan/infinispan/pull/5116
    Patch, Vendor Advisory