ID CVE-2016-7065
Summary The JMX servlet in Red Hat JBoss Enterprise Application Platform (EAP) 4 and 5 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object.
References
Vulnerable Configurations
  • cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.0.0:*:*:*:*:*:*:*
CVSS
Base: 6.5 (as of 23-12-2016 - 02:59)
Impact:
Exploitability:
CWE CWE-502
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: SINGLE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:P/A:P
refmap via4
bid 93462
confirm https://bugzilla.redhat.com/show_bug.cgi?id=1382534
exploit-db 40842
fulldisc 20161125 Red Hat JBoss EAP deserialization of untrusted data
Last major update 23-12-2016 - 02:59
Published 13-10-2016 - 14:59