oss-sec mailing list archives
Deserialization Vulnerability in VMware Xenon (CVE-2017-4947)
From: VMware Security Response Center <security () vmware com>
Date: Fri, 26 Jan 2018 18:39:26 +0000
VMware Xenon contains a deserialization vulnerability (CVE-2017-4947) due to insufficient content-type filtering of inbound requests. Successful exploitation of this issue may result in remote code execution.

Fixes/References
--------------
https://github.com/vmware/xenon/commit/092ea98105040e68c6bd0bdf89b86d149dfad1b1

We would like to thank Chris Todd of VMware for reporting this issue.

--------------
Edward Hawkins
Senior Program Manager, Security Response
security () vmware com