List: oss-security
Subject: [oss-security] Deserialization Vulnerability in VMware Xenon (CVE-2017-4947)
From: VMware Security Response Center <security () vmware ! com>
Date: 2018-01-26 18:39:26
Message-ID: 0B018C16-38A7-467C-BD58-5C810C51FBFE () vmware ! com
VMware Xenon contains a deserialization vulnerability (CVE-2017-4947) due to insufficient
content-type filtering of inbound requests. Successful exploitation of this issue may result in
remote code execution.
Fixes/References
--------------
https://github.com/vmware/xenon/commit/092ea98105040e68c6bd0bdf89b86d149dfad1b1
We would like to thank Chris Todd of VMware for reporting this issue.
--------------
Edward Hawkins
Senior Program Manager, Security Response
security@vmware.com
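
Added example, not part of the advisory and not Xenon's code: a sketch of fail-closed content-type filtering in front of a request-body decoder, so that a native object deserializer is never reachable from a remote peer. The class, method and constant names, the choice of allowed types and the ObjectInputFilter pattern are assumptions made for illustration.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.util.Locale;
import java.util.Set;

// Added illustration: names are hypothetical and this is not Xenon's API.
public class InboundBodyDecoder {
    // Data-only text formats: the only types accepted from remote peers.
    static final Set<String> REMOTE_ALLOWED = Set.of("application/json", "text/plain");
    // Native object encoding (assumed type name): in-process callers only.
    static final String BINARY = "application/x-java-serialized-object";

    // Reduce a Content-Type header to its lower-case media type, or null.
    static String mediaType(String header) {
        if (header == null) return null;
        String type = header.split(";", 2)[0].trim().toLowerCase(Locale.ROOT);
        return type.isEmpty() ? null : type;
    }

    // Fail closed: the deserializer is reachable only for local binary bodies.
    static Object decode(String header, byte[] body, boolean remote)
            throws IOException, ClassNotFoundException {
        String type = mediaType(header);
        if (type != null && REMOTE_ALLOWED.contains(type)) {
            return new String(body, StandardCharsets.UTF_8); // hand to a text parser
        }
        if (BINARY.equals(type) && !remote) {
            try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(body))) {
                // Defense in depth: JDK classes only, bounded graph depth.
                in.setObjectInputFilter(
                        ObjectInputFilter.Config.createFilter("maxdepth=5;java.base/*;!*"));
                return in.readObject();
            }
        }
        throw new IOException("rejected content type: " + type);
    }

    public static void main(String[] args) throws Exception {
        byte[] body = "{\"k\":1}".getBytes(StandardCharsets.UTF_8); // constructed sample
        System.out.println(decode("Application/JSON; charset=utf-8", body, true));
        for (String h : new String[] {BINARY, null, "application/octet-stream"}) {
            try {
                decode(h, body, true);
            } catch (IOException e) {
                System.out.println(e.getMessage());
            }
        }
    }
}
```

The header is normalized before comparison, so case changes and parameters such as charset cannot slip past the allowlist, and a missing or unknown type is rejected rather than defaulted to a decoder.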