8.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2017-3199

GHSA ID

GHSA-8m35-r25c-qr56

EPSS Score

0.94101%

CWE

CWE-502

Published

5/13/2022

Updated

10/6/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2017-3199

CVE-2017-3199: GraniteDS Insecure Deserialization

The Java implementation of GraniteDS, version 3.1.1.GA, AMF3 deserializers derives class instances from java.io.Externalizable rather than the AMF3 specification's recommendation of flash.utils.IExternalizable. A remote attacker with the ability to spoof or control an RMI server connection may be able to send serialized Java objects that execute arbitrary code when deserialized.

(GitHub Advisory)

8.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2017-3199

GHSA ID

GHSA-8m35-r25c-qr56

EPSS Score

0.94101%

CWE

CWE-502

Published

5/13/2022

Updated

10/6/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.graniteds:granite-core	maven	<= 3.1.1.GA

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from GraniteDS's AMF3 deserialization implementation using java.io.Externalizable (dangerous Java serialization interface) rather than the Flash-specific IExternalizable. The readObject method in AMF3Deserializer would be responsible for instantiating Externalizable classes and invoking their readExternal() method. This matches the attack vector described in CVE-2017-3199 where attacker-controlled Externalizable objects (e.g., RMI-related classes) execute code during deserialization. The Code White blog explicitly identifies this pattern as the root cause, and the CVE description confirms the impact via RMI abuse.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

T** J*v* impl*m*nt*tion o* *r*nit**S, v*rsion *.*.*.**, *M** **s*ri*liz*rs **riv*s *l*ss inst*n**s *rom j*v*.io.*xt*rn*liz**l* r*t**r t**n t** *M** sp**i*i**tion's r**omm*n**tion o* *l*s*.utils.I*xt*rn*liz**l*. * r*mot* *tt**k*r wit* t** **ility to s

Reasoning

T** vuln*r**ility st*ms *rom *r*nit**S's *M** **s*ri*liz*tion impl*m*nt*tion usin* `j*v*.io.*xt*rn*liz**l*` (**n**rous J*v* s*ri*liz*tion int*r****) r*t**r t**n t** *l*s*-sp**i*i* `I*xt*rn*liz**l*`. T** `r***O*j**t` m*t*o* in `*M****s*ri*liz*r` woul*

8.1

Basic Information

Concerned about an active attack path?

CVE-2017-3199: GraniteDS Insecure Deserialization

8.1

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI