Vulnerability Description
The Java implementation of AMF3 deserializers used in GraniteDS, version 3.1.1.G, may allow instantiation of arbitrary classes via their public parameter-less constructor and subsequently call arbitrary Java Beans setter methods. The ability to exploit this vulnerability depends on the availability of classes in the class path that make use of deserialization. A remote attacker with the ability to spoof or control information may be able to send serialized Java objects with pre-set properties that result in arbitrary code execution when deserialized.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Graniteds | Graniteds | 3.1.1 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/97382Third Party AdvisoryVDB Entry
- http://www.securityweek.com/flaws-java-amf-libraries-allow-remote-code-executionThird Party Advisory
- https://codewhitesec.blogspot.com/2017/04/amf.htmlExploitThird Party Advisory
- https://www.kb.cert.org/vuls/id/307983Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/97382Third Party AdvisoryVDB Entry
- http://www.securityweek.com/flaws-java-amf-libraries-allow-remote-code-executionThird Party Advisory
- https://codewhitesec.blogspot.com/2017/04/amf.htmlExploitThird Party Advisory
- https://www.kb.cert.org/vuls/id/307983Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2017-3200?
CVE-2017-3200 is a vulnerability with a CVSS score of 8.1 (HIGH). The Java implementation of AMF3 deserializers used in GraniteDS, version 3.1.1.G, may allow instantiation of arbitrary classes via their public parameter-less constructor and subsequently call arbitra...
How severe is CVE-2017-3200?
CVE-2017-3200 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-3200?
Check the references section above for vendor advisories and patch information. Affected products include: Graniteds Graniteds.