Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 26 Jan 2018 18:39:26 +0000
From: VMware Security Response Center <security@...are.com>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: Deserialization Vulnerability in VMware Xenon (CVE-2017-4947) 

VMware Xenon contains a deserialization vulnerability (CVE-2017-4947) due to insufficient content-type filtering of inbound requests. Successful exploitation of this issue may result in remote code execution.

Fixes/References
--------------
https://github.com/vmware/xenon/commit/092ea98105040e68c6bd0bdf89b86d149dfad1b1

We would like to thank Chris Todd of VMware for reporting this issue.

--------------
Edward Hawkins
Senior Program Manager, Security Response
security@...are.com

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.