CVE-2016-2173

CRITICAL

Fedora < 1.5.5 - Improper Input Validation

Title source: rule

Description

org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5 allows remote attackers to execute arbitrary code.

Exploits (1)

nomisec WORKING POC 4 stars
by HaToan · poc
https://github.com/HaToan/CVE-2016-2173

References (5)

Scores

CVSS v3 9.8
EPSS 0.2129
EPSS Percentile 95.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (5)
fedoraproject/fedora 22
fedoraproject/fedora 23
fedoraproject/fedora 24
org.springframework.amqp/spring-amqp 0 - 1.5.5Maven
vmware/spring_advanced_message_queuing_protocol < 1.5.5
Published Apr 21, 2017
Tracked Since Feb 18, 2026