CVE-2017-5878

CRITICAL

Red5 Media Server - Insecure Deserialization

Title source: rule

Description

The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restrict the classes for which they perform deserialization, which allows remote attackers to execute arbitrary code via crafted serialized Java data.

Scores

CVSS v3 9.8
EPSS 0.0294
EPSS Percentile 86.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE CWE-502
Status draft

Affected Products (27)

red5/media_server

Timeline

Published Jun 08, 2017
Tracked Since Feb 18, 2026