CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2013-4271

HIGH
7.5
CVSS Severity Score
EPSS Score0.0140%
EPSS Percentile35.57th
Published2013年10月10日
Last Modified2026年4月29日

Vulnerability Description

The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources, which allows remote attackers to execute arbitrary Java code via a serialized object, a different vulnerability than CVE-2013-4221.

Affected Platforms (CPE)

📦
Restlet

Restlet

<= 2.1.3
📦
Restlet

Restlet

= 2.1
📦
Restlet

Restlet

= 2.1
📦
Restlet

Restlet

= 2.1
📦
Restlet

Restlet

= 2.1
📦
Restlet

Restlet

= 2.1
📦
Restlet

Restlet

= 2.1
📦
Restlet

Restlet

= 2.1
📦
Restlet

Restlet

= 2.1
📦
Restlet

Restlet

= 2.1
📦
Restlet

Restlet

= 2.1
📦
Restlet

Restlet

= 2.1
📦
Restlet

Restlet

= 2.1
📦
Restlet

Restlet

= 2.1.0
📦
Restlet

Restlet

= 2.1.1
📦
Restlet

Restlet

= 2.1.2

References & Advisories

🔗 http://restlet.org/learn/2.1/changes
🔗 http://rhn.redhat.com/errata/RHSA-2013-1410.html
🔗 http://rhn.redhat.com/errata/RHSA-2013-1862.html
🔗 https://bugzilla.redhat.com/show_bug.cgi?id=999735
🔗 https://github.com/restlet/restlet-framework-java/issues/778
🔗 http://restlet.org/learn/2.1/changes
🔗 http://rhn.redhat.com/errata/RHSA-2013-1410.html
🔗 http://rhn.redhat.com/errata/RHSA-2013-1862.html

相關漏洞威脅

CVE-2012-26567.5

An XML eXternal Entity (XXE) issue exists in Restlet 1.1.10 in an endpoint using XML transport, which lets a remote attacker obtai...

CVE-2013-42217.5

The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources us...

CVE-2017-148687.5

Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an XXE attack...

CVE-2017-149497.5

Restlet Framework before 2.3.12 allows remote attackers to access arbitrary files via a crafted REST API HTTP request that conduct...