Immunity CanvasJBOSSMQ_HTTPIL_DESERIALIZATIONImmunity Canvas: JBOSSMQ_HTTPIL_DESERIALIZATION
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.269 Low
EPSS
Percentile
96.3%
| Name | jbossmq_httpil_deserialization |
|---|---|
| CVE | CVE-2017-7504 Exploit Pack |
| VENDOR: Red Hat | |
| NOTES: HTTPServerILServlet.java in JMS over HTTP Invocation Layer | |
| of the JbossMQ implementation, which is enabled by default in | |
| Red Hat Jboss Application Server <= Jboss 4.X does not restrict | |
| the classes for which it performs deserialization, which allows | |
| remote attackers to execute arbitrary code via crafted | |
| serialized data. |
VersionsAffected: Red Hat Jboss Application Server <= Jboss 4.X
Repeatability: Infinite
References:
CVE Url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7504
Date public: 05/19/2017
CVSS: 9.8
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.269 Low
EPSS
Percentile
96.3%