Описание
In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization and thus allowing an attacker to execute arbitrary code via crafted serialized data.
Ссылки
- Broken LinkThird Party AdvisoryVDB Entry
- Third Party Advisory
- Third Party Advisory
- Issue Tracking
- Third Party Advisory
- Broken LinkThird Party AdvisoryVDB Entry
- Third Party Advisory
- Third Party Advisory
- Issue Tracking
- Third Party Advisory
Уязвимые конфигурации
Одно из
EPSS
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
Связанные уязвимости
In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization and thus allowing an attacker to execute arbitrary code via crafted serialized data.
In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization and thus allowing an attacker to execute arbitrary code via crafted serialized data.
In Jboss Application Server as shipped with Red Hat Enterprise Applica ...
In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization and thus allowing an attacker to execute arbitrary code via crafted serialized data.
Уязвимость метода doFilter в ReadOnlyAccessFilter HTTP платформы JBoss Enterprise Application Platform, позволяющая нарушителю выполнить произвольный код
EPSS
9.8 Critical
CVSS3
7.5 High
CVSS2