Описание
Red Hat JBoss EAP version 5 is vulnerable to a deserialization of untrusted data in the JMX endpoint when deserializes the credentials passed to it. An attacker could exploit this vulnerability resulting in a denial of service attack.
It was found that the JMX endpoint of Red Hat JBoss EAP 5 deserializes the credentials passed to it. An attacker could use this flaw to cause a denial of service.
Меры по смягчению последствий
You should not expose Remote JMX on EAP 5, or SOA-P 5. To do that remove this system property from bin/run.conf, or bin/run.conf.bat: com.sun.management.jmxremote.port=
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat JBoss Enterprise Application Platform 5 | jbossas | Will not fix | ||
| Red Hat JBoss SOA Platform 5 | jbossas | Will not fix |
Показывать по
Дополнительная информация
Статус:
EPSS
5.3 Medium
CVSS3
2.6 Low
CVSS2
Связанные уязвимости
Red Hat JBoss EAP version 5 is vulnerable to a deserialization of untrusted data in the JMX endpoint when deserializes the credentials passed to it. An attacker could exploit this vulnerability resulting in a denial of service attack.
Red Hat JBoss EAP version 5 is vulnerable to a deserialization of untrusted data in the JMX endpoint when deserializes the credentials passed to it. An attacker could exploit this vulnerability resulting in a denial of service attack.
EPSS
5.3 Medium
CVSS3
2.6 Low
CVSS2