Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability



Apache Groovy is prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

Apache Groovy 2.4.4 through 2.4.7 are vulnerable.

Information

Bugtraq ID: 95429
Class: Unknown
CVE: CVE-2016-6814

Remote: Yes
Local: No
Published: Jan 14 2017 12:00AM
Updated: Apr 14 2017 12:04AM
Credit: Sam Thomas of Pentest Limited working with Trend Micro’s Zero Day Initiative
Vulnerable: Redhat JBoss Fuse 6.2
Apache Groovy 2.4.7
Apache Groovy 2.4.6
Apache Groovy 2.4.5
Apache Groovy 2.4.4
Apache Groovy 2.4.3
Apache Groovy 2.4.2
Apache Groovy 2.4.1
Apache Groovy 2.4
Apache Groovy 2.3.9
Apache Groovy 2.3.8
Apache Groovy 2.3.7
Apache Groovy 2.3.6
Apache Groovy 2.3.5
Apache Groovy 2.3.4
Apache Groovy 2.3.3
Apache Groovy 2.3.2
Apache Groovy 2.3.1
Apache Groovy 2.3
Apache Groovy 2.2.2
Apache Groovy 2.2.1
Apache Groovy 2.2
Apache Groovy 2.1.9
Apache Groovy 2.1.8
Apache Groovy 2.1.7
Apache Groovy 2.1.6
Apache Groovy 2.1.5
Apache Groovy 2.1.4
Apache Groovy 2.1.3
Apache Groovy 2.1.2
Apache Groovy 2.1.1
Apache Groovy 2.1
Apache Groovy 2.0.8
Apache Groovy 2.0.7
Apache Groovy 2.0.6
Apache Groovy 2.0.5
Apache Groovy 2.0.4
Apache Groovy 2.0.3
Apache Groovy 2.0.2
Apache Groovy 2.0.1
Apache Groovy 2.0
Apache Groovy 1.8.8
Apache Groovy 1.8.7
Apache Groovy 1.8.6
Apache Groovy 1.8.5
Apache Groovy 1.8.4
Apache Groovy 1.8.3
Apache Groovy 1.8.2
Apache Groovy 1.8.1
Apache Groovy 1.8
Apache Groovy 1.7.11
Apache Groovy 1.7.10
Apache Groovy 1.7.9
Apache Groovy 1.7.8
Apache Groovy 1.7.7
Apache Groovy 1.7.6
Apache Groovy 1.7.5
Apache Groovy 1.7.4
Apache Groovy 1.7.3
Apache Groovy 1.7.2
Apache Groovy 1.7.1
Apache Groovy 1.7


Not Vulnerable: Redhat JBoss Fuse 6.3
Apache Groovy 2.4.8


