Description
The JMX servlet in Red Hat JBoss Enterprise Application Platform (EAP) 4 and 5 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object.
Affected packages
| Platform | Package | Status | Recommendation | Release |
|---|---|---|---|---|
| Red Hat JBoss Enterprise Application Platform 4 | jbossas | Will not fix | ||
| Red Hat JBoss Enterprise Application Platform 5 | jbossas | Will not fix | ||
| Red Hat JBoss SOA Platform 4 | jbossas | Will not fix | ||
| Red Hat JBoss SOA Platform 5 | jbossas | Will not fix | ||
Additional information
Status:
Moderate
Defect:
CWE-502
https://bugzilla.redhat.com/show_bug.cgi?id=1382534 JBoss EAP 5 JMX servlet deserializes Java objects sent via HTTP
EPSS
Percentile: 94%
0.12098
Medium
CVSS3: 8 High
CVSS2: 6.5 Medium
Related vulnerabilities
CVSS3: 8.8
nvd
more than 9 years ago
The JMX servlet in Red Hat JBoss Enterprise Application Platform (EAP) 4 and 5 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object.
CVSS3: 8.8
github
more than 3 years ago
The JMX servlet in Red Hat JBoss Enterprise Application Platform (EAP) 4 and 5 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object.