CVE-2014-9515

Published: Dec 29, 2017

Modified: Aug 22, 2024

PUBLISHED

Description

Dozer improperly uses a reflection-based approach to type conversion, which might allow remote attackers to execute arbitrary code via a crafted serialized object.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

107970

vdb-entry

https://infocon.org/cons/SyScan/SyScan%202015%20Singapore/SyScan%202015%20Singapore%20presentations/SyScan15%20David%20Jorm%20-%20Finding%20and%20exploiting%20novel%20flaws%20in%20Java%20software.pdf

https://github.com/DozerMapper/dozer/issues/217

https://github.com/pentestingforfunandprofit/research/tree/master/dozer-rce

https://github.com/DozerMapper/dozer/issues/410

https://github.com/DozerMapper/dozer/issues/786

https://github.com/DozerMapper/dozer/pull/447/commits/ccd550696f3df8545319ffa9c6adafc8eca2334c

https://www.oracle.com/security-alerts/cpuApr2021.html

https://security.netapp.com/advisory/ntap-20240719-0002/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2014-9515

Description

Affected Products

References