GraniteDS Multiple Remote Code Execution Vulnerabilities

GraniteDS is prone to multiple remote code execution vulnerabilities.

Successfully exploiting these issues allows attackers to execute arbitrary code in the context of the affected application.

GraniteDS 3.1.1.GA is vulnerable; other versions may also be affected.

Information

Bugtraq ID: 97382
Class: Input Validation Error
CVE: CVE-2017-3199
CVE-2017-3200

Remote: Yes
Local: No
Published: Apr 04 2017 12:00AM
Credit: Markus Wulftange
Vulnerable: GraniteDS GraniteDS 3.1.1.GA

Not Vulnerable:

References:

• Exadel Flamingo Homepage (Exadel)
  
• AMF â?? Another Malicious Format (AMF)
  
• VU#307983: AMF3 Java implementations are vulnerable to insecure deserialization (CERT)
  

Source: www.securityfocus.com