
List:       oss-security
Subject:    [oss-security] Deserialization Vulnerability in VMware Xenon (CVE-2017-4947)
From:       VMware Security Response Center <security () vmware ! com>
Date:       2018-01-26 18:39:26
Message-ID: 0B018C16-38A7-467C-BD58-5C810C51FBFE () vmware ! com

VMware Xenon contains a deserialization vulnerability (CVE-2017-4947) due to insufficient
content-type filtering of inbound requests. Successful exploitation of this issue may result in
remote code execution.

Fixes/References
--------------
https://github.com/vmware/xenon/commit/092ea98105040e68c6bd0bdf89b86d149dfad1b1

We would like to thank Chris Todd of VMware for reporting this issue.

--------------
Edward Hawkins
Senior Program Manager, Security Response
security@vmware.com


