Описание
BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler.
A deserialization flaw allowing remote code execution was found in the BeanShell library. If BeanShell was on the classpath, it could permit code execution if another part of the application deserialized objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the BeanShell library.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat BPM Suite 6 | BusinessCentral | Affected | ||
| Red Hat JBoss BRMS 5 | jbossas | Will not fix | ||
| Red Hat JBoss BRMS 6 | BusinessCentral | Affected | ||
| Red Hat JBoss Enterprise Application Platform 5.2.0 | bsh2 | Not affected | ||
| Red Hat JBoss Fuse Service Works 6 | Camel | Affected | ||
| Red Hat JBoss Operations Network 3 | Core Server | Not affected | ||
| Red Hat Fuse 7.3.1 | camel | Fixed | RHSA-2019:1545 | 18.06.2019 |
| Red Hat JBoss BPMS 6.2 | Fixed | RHSA-2016:0539 | 30.03.2016 | |
| Red Hat JBoss BRMS 6.2 | Fixed | RHSA-2016:0540 | 30.03.2016 | |
| Red Hat JBoss Data Virtualization 6.2 | bsh2 | Fixed | RHSA-2016:1135 | 26.05.2016 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.4 High
CVSS3
6.8 Medium
CVSS2
Связанные уязвимости
BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler.
BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler.
BeanShell (bsh) before 2.0b6, when included on the classpath by an app ...
EPSS
7.4 High
CVSS3
6.8 Medium
CVSS2