CVSSv3: 8.1

CVE-2016-2510

Published: 07/04/2016 Updated: 20/10/2020
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 606
CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

BeanShell (bsh) prior to 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler. The application itself need not use BeanShell: it is enough that the library is loadable and that untrusted data reaches a deserializer.
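The pattern the summary describes, shown as an added example (not code from Vulmon or from the BeanShell project): an unfiltered ObjectInputStream.readObject() on attacker-supplied bytes beside the hardened form, which uses a JEP 290 serialization filter that names the one DTO the application expects and rejects everything else, bsh.** included. The class names SafeDeserialization and Order are assumptions for the example; the startup check assumes bsh.Interpreter exposes its public static VERSION field, as the 2.0bX releases do. The gadget chain itself is not reproduced here; the point is that an allowlist stops the descriptor for any unexpected class from being resolved at all.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.HashMap;

public final class SafeDeserialization {

    /** The only application type expected on the wire (assumed DTO for this example). */
    public static final class Order implements Serializable {
        private static final long serialVersionUID = 1L;
        final String sku;
        final int qty;
        Order(String sku, int qty) { this.sku = sku; this.qty = qty; }
    }

    // Vulnerable pattern: readObject() on untrusted bytes with no filter. Any serializable
    // class on the classpath, including a pre-2.0b6 bsh.XThis$Handler, is the sender's to pick.
    static Object readUnsafe(InputStream in) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(in)) {
            return ois.readObject();
        }
    }

    // Hardened: JEP 290 allowlist (JDK 9+; sun.misc.ObjectInputFilter on 8u121+).
    // "!bsh.**" is spelled out for readability, but the trailing "!*" is what closes the
    // door: a class that is not named is never resolved, so a new gadget library on the
    // classpath changes nothing.
    private static final ObjectInputFilter FILTER = ObjectInputFilter.Config.createFilter(
        "!bsh.**;"
      + "SafeDeserialization$Order;"              // binary name of the nested DTO class
      + "java.lang.String;"
      + "maxdepth=5;maxrefs=100;maxbytes=65536;"   // also bound graph size against DoS payloads
      + "!*");

    static Object readSafe(InputStream in) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(in)) {
            ois.setObjectInputFilter(FILTER);
            return ois.readObject();
        }
    }

    // Exposure check for this process: the BeanShell version reachable from the classpath,
    // or null if none. Assumes bsh.Interpreter has a public static VERSION field (2.0bX does);
    // anything older than 2.0b6 is affected by CVE-2016-2510.
    static String beanShellVersionOnClasspath() {
        try {
            Class<?> c = Class.forName("bsh.Interpreter", false,
                                       SafeDeserialization.class.getClassLoader());
            return String.valueOf(c.getField("VERSION").get(null));
        } catch (ReflectiveOperationException e) {
            return null;
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: a legitimate Order, which the allowlist accepts.
        byte[] good = serialize(new Order("SKU-1", 2));
        Order o = (Order) readSafe(new ByteArrayInputStream(good));
        System.out.println("accepted: " + o.sku + " x" + o.qty);

        // Constructed sample input: a type not on the allowlist. readUnsafe() would
        // materialise it; readSafe() rejects it at the class descriptor, before any
        // readObject()/readResolve() of the payload can run.
        byte[] unexpected = serialize(new HashMap<String, String>());
        try {
            readSafe(new ByteArrayInputStream(unexpected));
            System.out.println("BUG: unexpected type was accepted");
        } catch (InvalidClassException e) {
            System.out.println("rejected by filter: " + e.getMessage());
        }

        String v = beanShellVersionOnClasspath();
        System.out.println(v == null ? "BeanShell not on classpath"
                                     : "BeanShell " + v + " on classpath (fixed in 2.0b6)");
    }
}
```

Compile and run with a plain JDK; no BeanShell jar is needed for the demonstration, and the last line then reports that bsh is absent. For the XStream path the summary also names, the analogue is XStream's type-permission API (allowTypesByWildcard / denyTypesByWildcard, available since XStream 1.4.7), which is not shown here because it needs the XStream dependency. Upgrading bsh to 2.0b6 removes this particular gadget; the allowlist is what protects against the next one.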

Vulnerable Products

beanshell beanshell 1.0

beanshell beanshell 2.0

debian debian linux 7.0

debian debian linux 8.0

canonical ubuntu linux 12.04

canonical ubuntu linux 14.04

canonical ubuntu linux 15.10

Vendor Advisories

Synopsis: Important: Red Hat Fuse 7.3.1 security update. Type/Severity: Security Advisory: Important. Topic: A micro version update (from 7.3 to 7.3.1) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security ...
BeanShell could be made to run programs if it processed specially crafted input ...
Alvaro Muñoz and Christian Schneider discovered that BeanShell, an embeddable Java source interpreter, could be leveraged to execute arbitrary commands: applications including BeanShell in their classpath are vulnerable to this flaw if they deserialize data from an untrusted source. For the oldstable distribution (wheezy), this problem has been fi ...
A deserialization flaw allowing remote code execution was found in the BeanShell library. If BeanShell was on the classpath, it could permit code execution if another part of the application deserialized objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions o ...
Check Point Reference: CPAI-2016-1278 Date Published: 28 Feb 2024 Severity: High ...

Github Repositories

Most common theoretical Web RCEs with some "testing code" and PoCs to practise with (not real CVEs)

Web-RCE-PoC-s Most common theoretical Web RCEs with some exploits and PoCs to practise with (not real CVEs) PYTHON: 1. Unsafe Deserialization of untrusted input data: a. pickle.load(): RCE through Deserialization Using uncontrolled pickle.load Function 2. Command Injection and Argument Injection: Dangerous Functions: #Three ways to invoke commands in Python

BeanShell 2016-02-18 Security update Note: A security vulnerability has been identified in BeanShell that could be exploited for remote code execution in applications that have BeanShell on their classpath (CVE-2016-2510). The vulnerability has been fixed in the security update BeanShell 2.0b6. This is a recommended update for all BeanShell users. Introduction BeanShell is a sma