vulnerability

FreeBSD: bsh -- remote code execution vulnerability (CVE-2016-2510)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:M/Au:N/C:P/I:P/A:P)	Feb 18, 2016	Feb 22, 2016	Oct 30, 2017

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:P)

Published

Feb 18, 2016

Added

Feb 22, 2016

Modified

Oct 30, 2017

Description

BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler.

Solution

freebsd-upgrade-package-bsh

References

CVE-2016-2510
https://attackerkb.com/topics/CVE-2016-2510
DEBIAN-DSA-3504
REDHAT-RHSA-2016:0539
REDHAT-RHSA-2016:0540
REDHAT-RHSA-2016:1135
URL-https://github.com/beanshell/beanshell/releases/tag/2.0b6

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today