CVE-2013-4271 Information

Description

The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources which allows remote attackers to execute arbitrary Java code via a serialized object a different vulnerability than CVE-2013-4221.

Reference

http://restlet.org/learn/2.1/changes http://rhn.redhat.com/errata/RHSA-2013-1410.html http://rhn.redhat.com/errata/RHSA-2013-1862.html https://bugzilla.redhat.com/show_bug.cgi?id=999735 https://github.com/restlet/restlet-framework-java/issues/778