Vulnerability Details : CVE-2013-4271
The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources, which allows remote attackers to execute arbitrary Java code via a serialized object, a different vulnerability than CVE-2013-4221.
Products affected by CVE-2013-4271
- cpe:2.3:a:restlet:restlet:*:*:*:*:*:*:*:*
- cpe:2.3:a:restlet:restlet:2.1:milestone5:*:*:*:*:*:*
- cpe:2.3:a:restlet:restlet:2.1:milestone4:*:*:*:*:*:*
- cpe:2.3:a:restlet:restlet:2.1:milestone3:*:*:*:*:*:*
- cpe:2.3:a:restlet:restlet:2.1:milestone2:*:*:*:*:*:*
- cpe:2.3:a:restlet:restlet:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:restlet:restlet:2.1:rc6:*:*:*:*:*:*
- cpe:2.3:a:restlet:restlet:2.1:rc5:*:*:*:*:*:*
- cpe:2.3:a:restlet:restlet:2.1:rc4:*:*:*:*:*:*
- cpe:2.3:a:restlet:restlet:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:restlet:restlet:2.1:rc3:*:*:*:*:*:*
- cpe:2.3:a:restlet:restlet:2.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:restlet:restlet:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:restlet:restlet:2.1:rc2:*:*:*:*:*:*
- cpe:2.3:a:restlet:restlet:2.1:milestone6:*:*:*:*:*:*
- cpe:2.3:a:restlet:restlet:2.1:milestone1:*:*:*:*:*:*
Threat overview for CVE-2013-4271
- Top countries where our scanners detected CVE-2013-4271
- Top open port discovered on systems with this issue: 80
- IPs affected by CVE-2013-4271: 190
- Threat actors abusing this issue: Yes
Exploit prediction scoring system (EPSS) score for CVE-2013-4271
- EPSS score: 0.76% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~81% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2013-4271
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
CWE ids for CVE-2013-4271
- The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-4271
- http://restlet.org/learn/2.1/changes (Vendor Advisory)
- https://github.com/restlet/restlet-framework-java/issues/778: "SECURITY: Arbitrary binary deserialization leading to a variety of security impacts in restlet", Issue #778, restlet/restlet-framework-java, GitHub (Patch; Issue Tracking; Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2013-1862.html: RHSA-2013:1862 - Security Advisory, Red Hat Customer Portal (Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=999735: Bug 999735, (CVE-2013-4271) Restlet: remote code execution due to insecure deserialization (Issue Tracking)
- http://rhn.redhat.com/errata/RHSA-2013-1410.html: RHSA-2013:1410 - Security Advisory, Red Hat Customer Portal (Third Party Advisory)