From: Samuel S. <sam...@we...> - 2019-06-21 10:57:58
Hello,

I am using the jython package for a project and have a question about an issue you had.

The used version is 2.5.3 and unfortunately it cannot be updated to 2.7.1. Now I found the following issue:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4000

It notices that jython allows attackers to execute arbitrary code and I wanted to ask what kind of code could be executed?
Is it only python code which could be executed or is it possible to execute any kind of binary code?
And is it possible to have influence on the server outside of the application or does it just affect my application?

I hope you can help me with that question.

Best regards,
Samuel Schober