Arbitrary Code Execution during Deserialization Affecting org.beanshell:bsh Open this link in a new tab package, versions [0,]

Exploit Maturity

Proof of concept
Attack Complexity

High
Confidentiality

High
Integrity

High
Availability

High

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

snyk-id

SNYK-JAVA-ORGBEANSHELL-72452
published

22 Feb 2016
disclosed

22 Feb 2016
credit

Alvaro Munoz, Christian Schneider

Report a new vulnerability Found a mistake?

Introduced: 22 Feb 2016

CVE-2016-2510 Open this link in a new tab CWE-502 Open this link in a new tab

How to fix?

There is no fixed version for org.beanshell:bsh.

Overview

org.beanshell:bsh is a Java source interpreter with object scripting language features, written in Java.

Affected versions of this package are vulnerable to Arbitrary Code Execution during Deserialization. When included on the classpat by an application that uses Java serialization or XStream, A remote attacker could execute arbitrary code via crafted serialized data, related to XThis.Handler.

Arbitrary Code Execution during Deserialization Affecting org.beanshell:bsh Open this link in a new tab package, versions [0,]

Exploit Maturity

Attack Complexity

Confidentiality

Integrity

Availability

snyk-id

published

disclosed

credit

Introduced: 22 Feb 2016

How to fix?

Overview

References