CVE-2016-2170
Published at: 12-04-2016 04:59
Last modified: 25-05-2022 10:39
Total changes: 8
Description
Common Vulnerability Scoring System (CVSS)
Attack complexity: Low
Attack vector: Network
Availability: High
Confidentiality: High
Integrity: High
Privileges required: None
Scope: Unchanged
User interaction: None
Base score: 9.8
Exploitability score: 3.9
Impact score: 5.9
Verification logic
Reference
- http://packetstormsecurity.com/files/136639/Apache-OFBiz-13.07.02-13.07.01-Information-Disclosure.html
- https://blogs.apache.org/ofbiz/entry/announce_apache_ofbiz_12_04
- https://blogs.apache.org/ofbiz/entry/announce_apache_ofbiz_13_07
- https://cwiki.apache.org/confluence/display/OFBIZ/The+infamous+Java+serialization+vulnerability
- http://ofbiz.apache.org/download.html#vulnerabilities
- https://issues.apache.org/jira/browse/OFBIZ-6726
- 1035513 (Third Party Advisory, VDB Entry)
- 20160408 CVE-2016-2170: Apache OFBiz information disclosure vulnerability (Third Party Advisory, VDB Entry)
- [ofbiz-dev] 20210325 Comment out the SOAP and HTTP engines? (Mailing List, Vendor Advisory)
- [ofbiz-dev] 20210325 Re: Comment out the SOAP and HTTP engines? (Mailing List, Vendor Advisory)
- [ofbiz-dev] 20210329 Re: Comment out the SOAP and HTTP engines? (Mailing List, Vendor Advisory)
- [ofbiz-notifications] 20210329 [jira] [Commented] (OFBIZ-6942) Comment out RMI related code because of the Java deserialization issue [CVE-2016-2170] (Mailing List, Vendor Advisory)
- [ofbiz-notifications] 20210329 [jira] [Commented] (OFBIZ-12167) Adds a blacklist (to be renamed soon to denylist) in Java serialisation (CVE-2021-26295) (Mailing List, Vendor Advisory)
- [ofbiz-notifications] 20210427 [jira] [Updated] (OFBIZ-12212) Comment out the SOAP and HTTP engines - Fix [CVE-2021-30128] (Mailing List, Vendor Advisory)
- [ofbiz-notifications] 20210605 [jira] [Updated] (OFBIZ-12212) Comment out the SOAP and HTTP engines - Fix [CVE-2021-30128] (Issue Tracking, Mailing List, Vendor Advisory)
- [ofbiz-notifications] 20210729 [jira] [Updated] (OFBIZ-12212) Comment out the SOAP and HTTP engines - Fix [CVE-2021-30128] (Issue Tracking, Mailing List, Vendor Advisory)
Keywords