
CVE-2016-6814

Published: 18/01/2018 Updated: 15/07/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

When an application that has unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, or Apache Groovy 2.4.4 to 2.4.7, on its classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it was possible for a malicious user to craft a special serialized object that executes code directly when deserialized. All applications that rely on serialization and do not isolate the code that deserializes objects were subject to this vulnerability.

Vulnerable Products

apache groovy

redhat enterprise linux server 7.0

Vendor Advisories

Debian Bug report logs - #851408 CVE-2016-6814. Package: src:groovy; Maintainer for src:groovy is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Sat, 14 Jan 2017 16:03:02 UTC; Severity: grave; Tags: security; Found in versions groovy/2.4.7-4 ...
It was found that a flaw in the Apache Groovy library allows remote code execution wherever deserialization occurs in the application. It is possible for an attacker to craft a special serialized object that will execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects ...

Github Repositories

Codepath-Assignment-7: Procedures and proofs of concept for Assignment 7, Kali Linux vs. Wordpress

Exploit 1: Cross-site scripting via comment section, CVE unknown, Ver <= 4.2 (klikki.fi/adv/wordpress2.html). Go to the comment section of any post on version 4.2 of Wordpress or earlier. Inject a malicious script into a comment. There appear to be no escaping requirem...

Wordpress VS Kali Exploits: 1. Comment Cross-Site Scripting. Summary: Vulnerability type(s): XSS (2017 OWASP Top 10: A7). Version(s) affected: Wordpress 3.9 - 5.1. Tested in version: 4.2. Fixed in version: 4.2.23. GIF Walkthrough:

Recent Articles

Oracle Hospitality apps rolled out the Big Red carpet to crims
The Register • Richard Chirgwin • 18 Oct 2017

Brrrt! Brrrt! Brrrt! Big Red's bug gun targets 252 bugs, and you for not patching fast enough

Hundreds of products, more than 250 vulnerabilities … yes, it's Oracle's quarterly critical patch update day! Oracle opens its bulletin with news that it "... continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes." "In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customer...