CVE-2016-6814 in Apache and Red Hat Products
Published on January 18, 2018
When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, or Apache Groovy 2.4.4 to 2.4.7, on its classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, an attacker could craft a special serialized object that executes code directly when deserialized. All applications that rely on serialization and do not isolate the code that deserializes objects were subject to this vulnerability.
Products Associated with CVE-2016-6814
Exploit Probability
EPSS: 25.71%
Percentile: 96.13%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.