Arbitrary Code Execution via Unrestricted Class Deserialization in Red5 Media Server
CVE-2017-5878 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized Java data.
Learn more about our Cis Benchmark Audit For Server Software.