Arbitrary Code Execution via ObjectRepresentation Deserialization in Restlet
CVE-2013-4271 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources, which allows remote attackers to execute arbitrary Java code via a serialized object, a different vulnerability than CVE-2013-4221.
Learn more about our Web Application Penetration Testing UK.