Vulnerability CVE-2017-1000034

Vulnerability CVE-2017-1000034

Published: 2017-07-17

Description:

Akka versions <=2.4.16 and 2.5-M1 are vulnerable to a java deserialization attack in its Remoting component resulting in remote code execution in the context of the ActorSystem.

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score	Impact Subscore	Exploitability Subscore
9.3/10	10/10	8.6/10

Exploit range	Attack complexity	Authentication
Remote	Medium	No required
Confidentiality impact	Integrity impact	Availability impact
Complete	Complete	Complete

Affected software
AKKA -> AKKA

References:

http://doc.akka.io/docs/akka/2.4/security/2017-02-10-java-serialization.html

Copyright 2024, cxsecurity.com