Published: 29/04/2017 Updated: 26/03/2019

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 447

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

XStream up to and including 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML("<void/>") call.

Vulnerable Product	Search on Vulmon	Subscribe to Product
xstream project xstream
debian debian linux 8.0
debian debian linux 9.0

Synopsis Important: Red Hat JBoss BPM Suite 646 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss BPM SuiteRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base ...

Synopsis Important: Red Hat JBoss BRMS 646 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss BRMSRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, wh ...

Debian Bug report logs - #861521 libxstream-java: CVE-2017-7957 Package: src:libxstream-java; Maintainer for src:libxstream-java is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 30 Apr 2017 06:00:02 UTC Severity: grave Tags: se ...

It was discovered that XStream, a Java library to serialise objects to XML and back again, was suspectible to denial of service during unmarshalling For the stable distribution (jessie), this problem has been fixed in version 147-2+deb8u2 For the upcoming stable distribution (stretch), this problem will be fixed soon For the unstable distribut ...

It was found that XStream contains a vulnerability that allows a maliciously crafted file to be parsed successfully which could cause an application crash The crash occurs if the file that is being fed into XStream input stream contains an instances of the primitive type 'void' An attacker could use this flaw to create a denial of service on the ...

To demo security issues specific to xstream v1.4.11. Look at https://github.com/pkrajanand/xstream_v1_4_9_security_issues for v1.4.9 behaviour

Overview This repository contains the junit tests to demonstrate how XStream v1411 respond to the security issues x-streamgithubio/CVE-2013-7285html and x-streamgithubio/CVE-2017-7957html Summary on behaviour through v147 to v14111 A way to deal with CVE_2013_7285 is provided through v147 But issue again is showed up while fixing CVE-2017-7957 in

To demo security issues specific to xstream v1.4.11. Look at https://github.com/pkrajanand/xstream_v1_4_9_security_issues for v1.4.9 behaviour

Overview This repository contains the junit tests to demonstrate how XStream v1411 respond to the security issues x-streamgithubio/CVE-2013-7285html and x-streamgithubio/CVE-2017-7957html Summary on behaviour through v147 to v14111 A way to deal with CVE_2013_7285 is provided through v147 But issue again is showed up while fixing CVE-2017-7957 in

To demo security issues specific to xstream v1.4.9. Go to https://github.com/pkrajanand/xstream_1_4_11_security_issues for v1.4.11

Overview This repository contains the junit tests to demonstrate how XStream v149 respond to the security issues x-streamgithubio/CVE-2013-7285html and x-streamgithubio/CVE-2017-7957html Summary on behaviour through v147 to v14111 A way to deal with CVE_2013_7285 is provided through v147 But issue again is showed up while fixing CVE-2017-7957 in v

DevSecOps Ugly Spring Boot - Kotlin application used to test security scanner XSS: localhost:8080/article?slug=%3Cscript%3Ealert(%22TEST%22);%3C/script%3E SQL injection: localhost:8080/user?login=abc%27%20or%20%271%27=%271 Vulnerable library: xstream 142: x-streamgithubio/CVE-2017-7957html

To demo security issues specific to xstream v1.4.9. Go to https://github.com/pkrajanand/xstream_1_4_11_security_issues for v1.4.11

Overview This repository contains the junit tests to demonstrate how XStream v149 respond to the security issues x-streamgithubio/CVE-2013-7285html and x-streamgithubio/CVE-2017-7957html Summary on behaviour through v147 to v14111 A way to deal with CVE_2013_7285 is provided through v147 But issue again is showed up while fixing CVE-2017-7957 in v

CWE-20 http://x-stream.github.io/CVE-2017-7957.html http://www.securityfocus.com/bid/100687 http://www.securitytracker.com/id/1039499 http://www.debian.org/security/2017/dsa-3841 https://access.redhat.com/errata/RHSA-2017:2889 https://access.redhat.com/errata/RHSA-2017:2888 https://access.redhat.com/errata/RHSA-2017:1832 https://www-prd-trops.events.ibm.com/node/715749 https://exchange.xforce.ibmcloud.com/vulnerabilities/125800 https://access.redhat.com/errata/RHSA-2017:2889 https://nvd.nist.gov https://github.com/pkrajanand/xstream_1_4_11_security_issues https://www.debian.org/security/./dsa-3841

CVE-2017-7957

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect