Vulnerabilities

CVE-2017-12149

by Fred · 04/10/2017

In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization and thus allowing an attacker to execute arbitrary code via crafted serialized data.

Date published : 2017-10-04

http://www.securityfocus.com/bid/100591

https://bugzilla.redhat.com/show_bug.cgi?id=1486220

Similar

Tags: Cybersecurity Alert