oss-sec mailing list archives

Deserialization Vulnerability in VMware Xenon (CVE-2017-4947)


From: VMware Security Response Center <security () vmware com>
Date: Fri, 26 Jan 2018 18:39:26 +0000

VMware Xenon contains a deserialization vulnerability (CVE-2017-4947) due to insufficient content-type filtering of inbound requests. Successful exploitation of this issue may result in remote code execution.
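The root cause named above is an inbound request whose Content-Type header alone selects the body decoder, so a native-object deserializer the server happens to link in becomes reachable to any client. The following is an added illustrative example, not code from the advisory or from the Xenon project: a weak handler that dispatches purely on the client-supplied header, beside a hardened handler that checks the normalised media type against a per-endpoint allow-list before the body is parsed. The request/response classes, the decoder registry, the media type `application/x-python-serialize` and the endpoint `/api/items` are all assumptions constructed for the example; `pickle` stands in for any language-level object deserializer.

```python
import json
import pickle
from dataclasses import dataclass
from typing import Callable, Dict, Set


@dataclass
class Request:
    # Minimal stand-in for an inbound HTTP request (constructed for this example).
    path: str
    headers: Dict[str, str]
    body: bytes


@dataclass
class Response:
    status: int
    body: object = None


def media_type(headers: Dict[str, str]) -> str:
    """Reduce Content-Type to its bare media type: drop parameters, lower-case.

    Comparing the raw header string would let 'Application/JSON; charset=utf-8'
    slip past an allow-list that only knows 'application/json'.
    """
    raw = headers.get("Content-Type", "")
    return raw.split(";", 1)[0].strip().lower()


# Every body decoder the server links in. The native-object decoder (pickle here,
# standing in for any language-level object deserializer) rebuilds arbitrary
# objects chosen by the sender, so the server must decide per endpoint whether a
# client may ever select it, not merely whether a decoder for the header exists.
DECODERS: Dict[str, Callable[[bytes], object]] = {
    "application/json": lambda b: json.loads(b.decode("utf-8")),
    "application/x-python-serialize": pickle.loads,  # hypothetical media type
}

# Hypothetical public endpoint and the only media type it should accept.
ENDPOINT_ACCEPTS: Dict[str, Set[str]] = {
    "/api/items": {"application/json"},
}


def handle_weak(req: Request) -> Response:
    """Weak: the client's Content-Type alone selects the decoder.

    Any decoder registered in DECODERS is reachable just by naming it in the header.
    """
    decoder = DECODERS.get(media_type(req.headers))
    if decoder is None:
        return Response(415)
    return Response(200, decoder(req.body))


def handle_hardened(req: Request) -> Response:
    """Hardened: check the media type against the endpoint's allow-list before
    the body is parsed at all; reject everything else with 415."""
    mt = media_type(req.headers)
    if mt not in ENDPOINT_ACCEPTS.get(req.path, set()):
        return Response(415, {"error": f"unsupported Content-Type {mt!r}"})
    return Response(200, DECODERS[mt](req.body))


def run_demo() -> Dict[str, int]:
    """Send the same two constructed requests through both handlers."""
    json_req = Request("/api/items",
                       {"Content-Type": "application/json; charset=utf-8"},
                       b'{"name": "widget"}')
    # A benign pickled dict: the point is only that the header reaches pickle.loads.
    native_req = Request("/api/items",
                         {"Content-Type": "application/x-python-serialize"},
                         pickle.dumps({"name": "widget"}))
    return {
        "weak_json": handle_weak(json_req).status,
        "weak_native": handle_weak(native_req).status,        # 200: decoder reached
        "hardened_json": handle_hardened(json_req).status,
        "hardened_native": handle_hardened(native_req).status,  # 415: rejected unread
    }


if __name__ == "__main__":
    for name, status in run_demo().items():
        print(f"{name}: {status}")
```

The allow-list is keyed by the normalised media type rather than the raw header so that case and parameter variations cannot bypass it, and the check runs before any byte of the body is handed to a decoder. A 415 for the native-object media type on a public endpoint is also a cheap detection signal: log such rejections, since legitimate clients of that endpoint never send that header.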

Fixes/References
--------------
https://github.com/vmware/xenon/commit/092ea98105040e68c6bd0bdf89b86d149dfad1b1

We would like to thank Chris Todd of VMware for reporting this issue.

--------------
Edward Hawkins
Senior Program Manager, Security Response
security () vmware com