Vulnerability-Lookup

CVE-2017-3200 (GCVE-0-2017-3200)

Vulnerability from cvelistv5 – Published: 2018-06-11 17:00 – Updated: 2024-08-05 14:16

Title

The implementation of Action Message Format (AMF3) deserializers in GraniteDS, version 3.1.1.GA, may allow instantiation of arbitrary classes due to improper code control

Summary

The Java implementation of AMF3 deserializers used in GraniteDS, version 3.1.1.G, may allow instantiation of arbitrary classes via their public parameter-less constructor and subsequently call arbitrary Java Beans setter methods. The ability to exploit this vulnerability depends on the availability of classes in the class path that make use of deserialization. A remote attacker with the ability to spoof or control information may be able to send serialized Java objects with pre-set properties that result in arbitrary code execution when deserialized.

Severity ?

No CVSS data available.

CWE

CWE-913 - Improper Control of Dynamically-Managed Code Resources

Assigner

certcc

References

URL

Tags

	http://www.securityfocus.com/bid/97382	vdb-entryx_refsource_BID
	https://codewhitesec.blogspot.com/2017/04/amf.html	x_refsource_MISC
	https://www.kb.cert.org/vuls/id/307983	third-party-advisoryx_refsource_CERT-VN
	http://www.securityweek.com/flaws-java-amf-librar…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	GraniteDS	Framework	Affected: 3.1.1.G

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:16:28.479Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "97382",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97382"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://codewhitesec.blogspot.com/2017/04/amf.html"
          },
          {
            "name": "VU#307983",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/307983"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.securityweek.com/flaws-java-amf-libraries-allow-remote-code-execution"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Framework",
          "vendor": "GraniteDS",
          "versions": [
            {
              "status": "affected",
              "version": "3.1.1.G"
            }
          ]
        }
      ],
      "datePublic": "2017-04-04T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Java implementation of AMF3 deserializers used in GraniteDS, version 3.1.1.G, may allow instantiation of arbitrary classes via their public parameter-less constructor and subsequently call arbitrary Java Beans setter methods. The ability to exploit this vulnerability depends on the availability of classes in the class path that make use of deserialization. A remote attacker with the ability to spoof or control information may be able to send serialized Java objects with pre-set properties that result in arbitrary code execution when deserialized."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-913",
              "description": "CWE-913: Improper Control of Dynamically-Managed Code Resources",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-12T09:57:01.000Z",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "name": "97382",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97382"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://codewhitesec.blogspot.com/2017/04/amf.html"
        },
        {
          "name": "VU#307983",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/307983"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.securityweek.com/flaws-java-amf-libraries-allow-remote-code-execution"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "The implementation of Action Message Format (AMF3) deserializers in GraniteDS, version 3.1.1.GA, may allow instantiation of arbitrary classes due to improper code control",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2017-3200",
          "STATE": "PUBLIC",
          "TITLE": "The implementation of Action Message Format (AMF3) deserializers in GraniteDS, version 3.1.1.GA, may allow instantiation of arbitrary classes due to improper code control"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Framework",
                      "version": {
                        "version_data": [
                          {
                            "affected": "=",
                            "version_affected": "=",
                            "version_name": "3.1.1.G",
                            "version_value": "3.1.1.G"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "GraniteDS"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Java implementation of AMF3 deserializers used in GraniteDS, version 3.1.1.G, may allow instantiation of arbitrary classes via their public parameter-less constructor and subsequently call arbitrary Java Beans setter methods. The ability to exploit this vulnerability depends on the availability of classes in the class path that make use of deserialization. A remote attacker with the ability to spoof or control information may be able to send serialized Java objects with pre-set properties that result in arbitrary code execution when deserialized."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-913: Improper Control of Dynamically-Managed Code Resources"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "97382",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97382"
            },
            {
              "name": "https://codewhitesec.blogspot.com/2017/04/amf.html",
              "refsource": "MISC",
              "url": "https://codewhitesec.blogspot.com/2017/04/amf.html"
            },
            {
              "name": "VU#307983",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/307983"
            },
            {
              "name": "http://www.securityweek.com/flaws-java-amf-libraries-allow-remote-code-execution",
              "refsource": "MISC",
              "url": "http://www.securityweek.com/flaws-java-amf-libraries-allow-remote-code-execution"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2017-3200",
    "datePublished": "2018-06-11T17:00:00.000Z",
    "dateReserved": "2016-12-05T00:00:00.000Z",
    "dateUpdated": "2024-08-05T14:16:28.479Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

FKIE_CVE-2017-3200

Vulnerability from fkie_nvd - Published: 2018-06-11 17:29 - Updated: 2024-11-21 03:25

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cret@cert.org	http://www.securityfocus.com/bid/97382	Third Party Advisory, VDB Entry
cret@cert.org	http://www.securityweek.com/flaws-java-amf-libraries-allow-remote-code-execution	Third Party Advisory
cret@cert.org	https://codewhitesec.blogspot.com/2017/04/amf.html	Exploit, Third Party Advisory
cret@cert.org	https://www.kb.cert.org/vuls/id/307983	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/97382	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityweek.com/flaws-java-amf-libraries-allow-remote-code-execution	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://codewhitesec.blogspot.com/2017/04/amf.html	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.kb.cert.org/vuls/id/307983	Third Party Advisory, US Government Resource

Impacted products

	Vendor	Product	Version
	graniteds	graniteds	3.1.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:graniteds:graniteds:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B952992-5FE8-4BA5-8916-D4EE395D627D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Java implementation of AMF3 deserializers used in GraniteDS, version 3.1.1.G, may allow instantiation of arbitrary classes via their public parameter-less constructor and subsequently call arbitrary Java Beans setter methods. The ability to exploit this vulnerability depends on the availability of classes in the class path that make use of deserialization. A remote attacker with the ability to spoof or control information may be able to send serialized Java objects with pre-set properties that result in arbitrary code execution when deserialized."
    },
    {
      "lang": "es",
      "value": "La implementaci\u00f3n de Java de los deserializadores AMF3 empleada en GraniteDS, versi\u00f3n 3.1.1.G, podr\u00eda permitir la instanciaci\u00f3n de clases arbitrarias mediante su constructor p\u00fablico sin par\u00e1metros y, en consecuencia, llamar a m\u00e9todos setter arbitrarios de Java Beans. La capacidad para explotar esta vulnerabilidad depende de la disponibilidad de las clases en la ruta de clase que emplea la deserializaci\u00f3n. Un atacante remoto con la capacidad de suplantar o controlar informaci\u00f3n podr\u00eda ser capaz de enviar objetos Java serializados con propiedades preestablecidas que resultan en la ejecuci\u00f3n de c\u00f3digo arbitrario cuando se deserializan."
    }
  ],
  "id": "CVE-2017-3200",
  "lastModified": "2024-11-21T03:25:01.257",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-06-11T17:29:00.447",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/97382"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.securityweek.com/flaws-java-amf-libraries-allow-remote-code-execution"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://codewhitesec.blogspot.com/2017/04/amf.html"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/307983"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/97382"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.securityweek.com/flaws-java-amf-libraries-allow-remote-code-execution"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://codewhitesec.blogspot.com/2017/04/amf.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/307983"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-913"
        }
      ],
      "source": "cret@cert.org",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2017-10830

Vulnerability from cnvd - Published: 2017-06-23

Title

GraniteDS远程代码执行漏洞（CNVD-2017-10830）

Description

GraniteDS（Granite Data Service）是一套开源的用于构建Flex/Java EE RIA应用程序的工具。 GraniteDS 3.1.1.GA版本中存在远程代码执行漏洞。远程攻击者可利用该漏洞在受影响应用程序的上下文中执行任意代码。

Severity

高

Formal description

目前没有详细的解决方案提供： https://www.exadel.com/

Reference

http://www.securityfocus.com/bid/97382

Impacted products

Name
GraniteDS GraniteDS 3.1.1.GA

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "97382"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-3200"
    }
  },
  "description": "GraniteDS\uff08Granite Data Service\uff09\u662f\u4e00\u5957\u5f00\u6e90\u7684\u7528\u4e8e\u6784\u5efaFlex/Java EE RIA\u5e94\u7528\u7a0b\u5e8f\u7684\u5de5\u5177\u3002\r\n\r\nGraniteDS 3.1.1.GA\u7248\u672c\u4e2d\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u53d7\u5f71\u54cd\u5e94\u7528\u7a0b\u5e8f\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Markus Wulftange",
  "formalWay": "\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u89e3\u51b3\u65b9\u6848\u63d0\u4f9b\uff1a\r\nhttps://www.exadel.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-10830",
  "openTime": "2017-06-23",
  "products": {
    "product": "GraniteDS GraniteDS 3.1.1.GA"
  },
  "referenceLink": "http://www.securityfocus.com/bid/97382",
  "serverity": "\u9ad8",
  "submitTime": "2017-05-24",
  "title": "GraniteDS\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2017-10830\uff09"
}

GSD-2017-3200

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-3200

Aliases

CVE-2017-3200

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-3200",
    "description": "The Java implementation of AMF3 deserializers used in GraniteDS, version 3.1.1.G, may allow instantiation of arbitrary classes via their public parameter-less constructor and subsequently call arbitrary Java Beans setter methods. The ability to exploit this vulnerability depends on the availability of classes in the class path that make use of deserialization. A remote attacker with the ability to spoof or control information may be able to send serialized Java objects with pre-set properties that result in arbitrary code execution when deserialized.",
    "id": "GSD-2017-3200"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-3200"
      ],
      "details": "The Java implementation of AMF3 deserializers used in GraniteDS, version 3.1.1.G, may allow instantiation of arbitrary classes via their public parameter-less constructor and subsequently call arbitrary Java Beans setter methods. The ability to exploit this vulnerability depends on the availability of classes in the class path that make use of deserialization. A remote attacker with the ability to spoof or control information may be able to send serialized Java objects with pre-set properties that result in arbitrary code execution when deserialized.",
      "id": "GSD-2017-3200",
      "modified": "2023-12-13T01:21:16.736751Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cert@cert.org",
        "ID": "CVE-2017-3200",
        "STATE": "PUBLIC",
        "TITLE": "The implementation of Action Message Format (AMF3) deserializers in GraniteDS, version 3.1.1.GA, may allow instantiation of arbitrary classes due to improper code control"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Framework",
                    "version": {
                      "version_data": [
                        {
                          "affected": "=",
                          "version_name": "3.1.1.G",
                          "version_value": "3.1.1.G"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "GraniteDS"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Java implementation of AMF3 deserializers used in GraniteDS, version 3.1.1.G, may allow instantiation of arbitrary classes via their public parameter-less constructor and subsequently call arbitrary Java Beans setter methods. The ability to exploit this vulnerability depends on the availability of classes in the class path that make use of deserialization. A remote attacker with the ability to spoof or control information may be able to send serialized Java objects with pre-set properties that result in arbitrary code execution when deserialized."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-913: Improper Control of Dynamically-Managed Code Resources"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "97382",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/97382"
          },
          {
            "name": "https://codewhitesec.blogspot.com/2017/04/amf.html",
            "refsource": "MISC",
            "url": "https://codewhitesec.blogspot.com/2017/04/amf.html"
          },
          {
            "name": "VU#307983",
            "refsource": "CERT-VN",
            "url": "https://www.kb.cert.org/vuls/id/307983"
          },
          {
            "name": "http://www.securityweek.com/flaws-java-amf-libraries-allow-remote-code-execution",
            "refsource": "MISC",
            "url": "http://www.securityweek.com/flaws-java-amf-libraries-allow-remote-code-execution"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "(,3.1.1.G]",
          "affected_versions": "All versions up to 3.1.1.g",
          "cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-502",
            "CWE-78",
            "CWE-937"
          ],
          "date": "2023-07-25",
          "description": "The Java implementation of AMF3 deserializers used in GraniteDS, version 3.1.1.G, may allow instantiation of arbitrary classes via their public parameter-less constructor and subsequently call arbitrary Java Beans setter methods. The ability to exploit this vulnerability depends on the availability of classes in the class path that make use of deserialization. A remote attacker with the ability to spoof or control information may be able to send serialized Java objects with pre-set properties that result in arbitrary code execution when deserialized.",
          "fixed_versions": [],
          "identifier": "CVE-2017-3200",
          "identifiers": [
            "GHSA-vx9j-rvmj-jc32",
            "CVE-2017-3200"
          ],
          "not_impacted": "",
          "package_slug": "maven/org.graniteds/granite-core",
          "pubdate": "2022-05-13",
          "solution": "Unfortunately, there is no solution available yet.",
          "title": "Deserialization of Untrusted Data",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2017-3200",
            "https://codewhitesec.blogspot.com/2017/04/amf.html",
            "https://www.kb.cert.org/vuls/id/307983",
            "http://www.securityweek.com/flaws-java-amf-libraries-allow-remote-code-execution",
            "https://web.archive.org/web/20210124021547/http://www.securityfocus.com/bid/97382",
            "https://github.com/advisories/GHSA-vx9j-rvmj-jc32"
          ],
          "uuid": "268c2f79-e944-4bbc-93dc-69c6b0bd242c"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:graniteds:graniteds:3.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2017-3200"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Java implementation of AMF3 deserializers used in GraniteDS, version 3.1.1.G, may allow instantiation of arbitrary classes via their public parameter-less constructor and subsequently call arbitrary Java Beans setter methods. The ability to exploit this vulnerability depends on the availability of classes in the class path that make use of deserialization. A remote attacker with the ability to spoof or control information may be able to send serialized Java objects with pre-set properties that result in arbitrary code execution when deserialized."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-502"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#307983",
              "refsource": "CERT-VN",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://www.kb.cert.org/vuls/id/307983"
            },
            {
              "name": "https://codewhitesec.blogspot.com/2017/04/amf.html",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://codewhitesec.blogspot.com/2017/04/amf.html"
            },
            {
              "name": "http://www.securityweek.com/flaws-java-amf-libraries-allow-remote-code-execution",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.securityweek.com/flaws-java-amf-libraries-allow-remote-code-execution"
            },
            {
              "name": "97382",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/97382"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.2,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-02-05T19:35Z",
      "publishedDate": "2018-06-11T17:29Z"
    }
  }
}

GHSA-VX9J-RVMJ-JC32

Vulnerability from github – Published: 2022-05-13 01:28 – Updated: 2023-10-10 14:31

Summary

GraniteDS Insecure Deserialization

Details

The Java implementation of AMF3 deserializers used in GraniteDS, version 3.1.1.GA, may allow instantiation of arbitrary classes via their public parameter-less constructor and subsequently call arbitrary Java Beans setter methods. The ability to exploit this vulnerability depends on the availability of classes in the class path that make use of deserialization. A remote attacker with the ability to spoof or control information may be able to send serialized Java objects with pre-set properties that result in arbitrary code execution when deserialized.

Severity ?

8.1 (High)


                  
                    CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.graniteds:granite-server-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "3.1.1.GA"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2017-3200"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-25T23:01:36Z",
    "nvd_published_at": "2018-06-11T17:29:00Z",
    "severity": "HIGH"
  },
  "details": "The Java implementation of AMF3 deserializers used in GraniteDS, version 3.1.1.GA, may allow instantiation of arbitrary classes via their public parameter-less constructor and subsequently call arbitrary Java Beans setter methods. The ability to exploit this vulnerability depends on the availability of classes in the class path that make use of deserialization. A remote attacker with the ability to spoof or control information may be able to send serialized Java objects with pre-set properties that result in arbitrary code execution when deserialized.",
  "id": "GHSA-vx9j-rvmj-jc32",
  "modified": "2023-10-10T14:31:11Z",
  "published": "2022-05-13T01:28:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3200"
    },
    {
      "type": "WEB",
      "url": "https://codewhitesec.blogspot.com/2017/04/amf.html"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/graniteds/graniteds"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20210124021547/http://www.securityfocus.com/bid/97382"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/307983"
    },
    {
      "type": "WEB",
      "url": "http://www.securityweek.com/flaws-java-amf-libraries-allow-remote-code-execution"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "GraniteDS Insecure Deserialization"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-3200 (GCVE-0-2017-3200)

FKIE_CVE-2017-3200

CNVD-2017-10830

GSD-2017-3200

GHSA-VX9J-RVMJ-JC32

Tags

Sightings

Nomenclature