|
|
Matthias Kaiser created an issue |
|
Issue Type: |
|
|---|---|
|
Affects Versions: |
2.7.1.1 |
|
Assignee: |
Unassigned |
|
Attachments: |
geoserver.txt |
|
Components: |
REST |
|
Created: |
24/Jul/15 12:45 PM |
|
Labels: |
Security |
|
Priority: |
|
|
Reporter: |
|
Hello GeoServer Team, I’d like to report to you a remote code execution vulnerability. The the attached requests executes" /usr/bin/xterm" on the target The problem is that your REST implementation is using Xstream that is configured in an insecure way. Please let me know if you have any questions. Thank you, |
|
|
|
This message was sent by Atlassian JIRA (v6.5-OD-08-001#65007-sha1:1fc9846) |
|
|