CVE-2015-5164
HIGHpulpproject qpid - Authenticated Remote Code Execution via Pickle Deserialization
Title source: llmDescription
The Qpid server on Red Hat Satellite 6 does not properly restrict message types, which allows remote authenticated users with administrative access on a managed content host to execute arbitrary code via a crafted message, related to a pickle processing problem in pulp.
References (2)
Core 2
Core References
Issue Tracking, Third Party Advisory x_refsource_confirm
https://pulp.plan.io/issues/23
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1247732
Scores
CVSS v3
7.2
EPSS
0.0396
EPSS Percentile
89.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-502
Status
published
Products (1)
pulpproject/qpid
Published
Oct 18, 2017
Tracked Since
Feb 18, 2026