CVE-2016-6814

CVE Details

Release Date:2018-07-30

Description


When an application with unsupported Codehaus versions of Groovy from1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it was possible for an attacker to bake a special serialized object that will execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects were subject to this vulnerability.

See more information about CVE-2016-6814 from MITRE CVE dictionary and NIST NVD


CVSS v2.0 metrics


NOTE: The following CVSS v2.0 metrics and score provided are preliminary and subject to review.

Base Score: 7.5 Base Metrics: AV:N/AC:L/Au:N/C:P/I:P/A:P
Access Vector: Network Attack Complexity: Low
Authentication: None required Confidentiality Impact: Partial
Integrity Impact: Partial Availability Impact: Partial

Errata information


PlatformErrataRelease Date
Oracle Linux version 7 (groovy)ELSA-2017-24862017-08-17



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete