cnvd - cnvd-2017-10732

CNVD-2017-10732

Vulnerability from cnvd - Published: 2017-06-22

Title

Exadel Flamingo远程代码执行漏洞（CNVD-2017-10732）

Description

Exadel Flamingo是一套用于引导使用Java后端构建的RIA应用程序的工具。 Exadel Flamingo 2.2.0版本中存在远程代码执行漏洞。远程攻击者可利用该漏洞在受影响应用程序的上下文中执行任意代码。

Severity

高

Formal description

目前没有详细的解决方案提供： https://www.exadel.com/

Reference

http://www.securityfocus.com/bid/97380

Impacted products

Name
Exadel Flamingo 2.2

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "97380"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-3202"
    }
  },
  "description": "Exadel Flamingo\u662f\u4e00\u5957\u7528\u4e8e\u5f15\u5bfc\u4f7f\u7528Java\u540e\u7aef\u6784\u5efa\u7684RIA\u5e94\u7528\u7a0b\u5e8f\u7684\u5de5\u5177\u3002\r\n\r\nExadel Flamingo 2.2.0\u7248\u672c\u4e2d\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u53d7\u5f71\u54cd\u5e94\u7528\u7a0b\u5e8f\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Markus Wulftange",
  "formalWay": "\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u89e3\u51b3\u65b9\u6848\u63d0\u4f9b\uff1a\r\nhttps://www.exadel.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-10732",
  "openTime": "2017-06-22",
  "products": {
    "product": "Exadel Flamingo 2.2"
  },
  "referenceLink": "http://www.securityfocus.com/bid/97380",
  "serverity": "\u9ad8",
  "submitTime": "2017-05-24",
  "title": "Exadel Flamingo\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2017-10732\uff09"
}

CVE-2017-3202 (GCVE-0-2017-3202)

Vulnerability from cvelistv5 – Published: 2018-06-11 17:00 – Updated: 2024-08-05 14:16

Summary

The Java implementation of AMF3 deserializers used in Flamingo amf-serializer by Exadel, version 2.2.0, may allow instantiation of arbitrary classes via their public parameter-less constructor and subsequently call arbitrary Java Beans setter methods. The ability to exploit this vulnerability depends on the availability of classes in the class path that make use of deserialization. A remote attacker with the ability to spoof or control information may be able to send serialized Java objects with pre-set properties that result in arbitrary code execution when deserialized.

Severity ?

No CVSS data available.

CWE

CWE-913 - Improper Control of Dynamically-Managed Code Resources

Assigner

certcc

References

URL

Tags

	https://codewhitesec.blogspot.com/2017/04/amf.html	x_refsource_MISC
	https://www.kb.cert.org/vuls/id/307983	third-party-advisoryx_refsource_CERT-VN
	http://www.securityweek.com/flaws-java-amf-librar…	x_refsource_MISC
	http://www.securityfocus.com/bid/97380	vdb-entryx_refsource_BID

Impacted products

	Vendor	Product	Version
	Exadel	Flamingo amf-serializer	Affected: 2.2.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:16:28.241Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://codewhitesec.blogspot.com/2017/04/amf.html"
          },
          {
            "name": "VU#307983",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/307983"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.securityweek.com/flaws-java-amf-libraries-allow-remote-code-execution"
          },
          {
            "name": "97380",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97380"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Flamingo amf-serializer",
          "vendor": "Exadel",
          "versions": [
            {
              "status": "affected",
              "version": "2.2.0"
            }
          ]
        }
      ],
      "datePublic": "2017-04-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Java implementation of AMF3 deserializers used in Flamingo amf-serializer by Exadel, version 2.2.0, may allow instantiation of arbitrary classes via their public parameter-less constructor and subsequently call arbitrary Java Beans setter methods. The ability to exploit this vulnerability depends on the availability of classes in the class path that make use of deserialization. A remote attacker with the ability to spoof or control information may be able to send serialized Java objects with pre-set properties that result in arbitrary code execution when deserialized."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-913",
              "description": "CWE-913: Improper Control of Dynamically-Managed Code Resources",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-12T09:57:01",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://codewhitesec.blogspot.com/2017/04/amf.html"
        },
        {
          "name": "VU#307983",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/307983"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.securityweek.com/flaws-java-amf-libraries-allow-remote-code-execution"
        },
        {
          "name": "97380",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97380"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "The implementation of Action Message Format (AMF3) deserializers in Flamingo amf-serializer by Exadel, version 2.2.0, may allow instantiation of arbitrary classes due to improper code control",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2017-3202",
          "STATE": "PUBLIC",
          "TITLE": "The implementation of Action Message Format (AMF3) deserializers in Flamingo amf-serializer by Exadel, version 2.2.0, may allow instantiation of arbitrary classes due to improper code control"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Flamingo amf-serializer",
                      "version": {
                        "version_data": [
                          {
                            "affected": "=",
                            "version_affected": "=",
                            "version_name": "2.2.0",
                            "version_value": "2.2.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Exadel"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Java implementation of AMF3 deserializers used in Flamingo amf-serializer by Exadel, version 2.2.0, may allow instantiation of arbitrary classes via their public parameter-less constructor and subsequently call arbitrary Java Beans setter methods. The ability to exploit this vulnerability depends on the availability of classes in the class path that make use of deserialization. A remote attacker with the ability to spoof or control information may be able to send serialized Java objects with pre-set properties that result in arbitrary code execution when deserialized."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-913: Improper Control of Dynamically-Managed Code Resources"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://codewhitesec.blogspot.com/2017/04/amf.html",
              "refsource": "MISC",
              "url": "https://codewhitesec.blogspot.com/2017/04/amf.html"
            },
            {
              "name": "VU#307983",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/307983"
            },
            {
              "name": "http://www.securityweek.com/flaws-java-amf-libraries-allow-remote-code-execution",
              "refsource": "MISC",
              "url": "http://www.securityweek.com/flaws-java-amf-libraries-allow-remote-code-execution"
            },
            {
              "name": "97380",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97380"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2017-3202",
    "datePublished": "2018-06-11T17:00:00",
    "dateReserved": "2016-12-05T00:00:00",
    "dateUpdated": "2024-08-05T14:16:28.241Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2017-10732

CVE-2017-3202 (GCVE-0-2017-3202)

Tags

Sightings

Nomenclature