CVE-2017-12149 in Red Hat Enterprise Application Platforminfo

Summary

In Jboss Application Server as shipped with RedHat Enterprise Application Platform 5.2, it was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization and thus allowing an attacker to execute arbitrary code via crafted serialized data.

Reservation

08/01/2017

Disclosure

10/04/2017

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
107482	Red Hat Enterprise Application Platform JBoss Application Server doFilter deserialization	502	Attacked	Official fix	CVE-2017-12149

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

◂ PreviousOverviewNext ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!