Vulnerability Database

309,961

Total vulnerabilities in the database

CVE-2017-5878

The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized Java data.

  • Published: Jun 8, 2017
  • Updated: Nov 9, 2025
  • CVE: CVE-2017-5878
  • Severity: Critical
  • Exploit:

CVSS v3:

  • Severity: Critical
  • Score: 9.8
  • AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: High
  • Score: 7.5
  • AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

OWASP TOP 10:

Software From Fixed in
red5 / media_server 1.0.2 1.0.2.x
red5 / media_server 1.0.2-milestone1 1.0.2-milestone1.x
red5 / media_server 1.0.3 1.0.3.x
red5 / media_server 1.0.4 1.0.4.x
red5 / media_server 1.0.5 1.0.5.x
red5 / media_server 1.0.6 1.0.6.x
red5 / media_server 1.0.7 1.0.7.x
red5 / media_server 1.0.7-milestone1 1.0.7-milestone1.x
red5 / media_server 1.0.7-milestone2 1.0.7-milestone2.x
red5 / media_server 1.0.7-milestone3 1.0.7-milestone3.x
red5 / media_server 1.0.7-milestone4 1.0.7-milestone4.x
red5 / media_server 1.0.7-milestone5 1.0.7-milestone5.x
red5 / media_server 1.0.7-milestone6 1.0.7-milestone6.x
red5 / media_server 1.0.7-milestone7 1.0.7-milestone7.x
red5 / media_server 1.0.8-milestone1 1.0.8-milestone1.x
red5 / media_server 1.0.8-milestone10 1.0.8-milestone10.x
red5 / media_server 1.0.8-milestone11 1.0.8-milestone11.x
red5 / media_server 1.0.8-milestone12 1.0.8-milestone12.x
red5 / media_server 1.0.8-milestone13 1.0.8-milestone13.x
red5 / media_server 1.0.8-milestone2 1.0.8-milestone2.x
red5 / media_server 1.0.8-milestone3 1.0.8-milestone3.x
red5 / media_server 1.0.8-milestone4 1.0.8-milestone4.x
red5 / media_server 1.0.8-milestone5 1.0.8-milestone5.x
red5 / media_server 1.0.8-milestone6 1.0.8-milestone6.x
red5 / media_server 1.0.8-milestone7 1.0.8-milestone7.x
red5 / media_server 1.0.8-milestone8 1.0.8-milestone8.x
red5 / media_server 1.0.8-milestone9 1.0.8-milestone9.x