CVE-2013-4271

The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources, which allows remote attackers to execute arbitrary Java code via a serialized object, a different vulnerability than CVE-2013-4221.

🔗 References (10)

• secalert@redhathttp://restlet.org/learn/2.1/changes
• secalert@redhathttp://rhn.redhat.com/errata/RHSA-2013-1410.html
• secalert@redhathttp://rhn.redhat.com/errata/RHSA-2013-1862.html
• secalert@redhathttps://bugzilla.redhat.com/show_bug.cgi?id=999735
• secalert@redhathttps://github.com/restlet/restlet-framework-java/issues/778
• af854a3a-2127-422b-91ae-364da2661108http://restlet.org/learn/2.1/changes
• af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-1410.html
• af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-1862.html
• af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=999735
• af854a3a-2127-422b-91ae-364da2661108https://github.com/restlet/restlet-framework-java/issues/778