The AMF unmarshallers in Red5 Media Server prior to 1.0.8 do not restrict the classes for which they perform deserialization, which allows remote malicious users to execute arbitrary code via crafted serialized Java data.
Vulnerable Product |
---|
red5 media server 1.0.2 |
red5 media server 1.0.3 |
red5 media server 1.0.4 |
red5 media server 1.0.5 |
red5 media server 1.0.6 |
red5 media server 1.0.7 |
red5 media server 1.0.8 |