
Immunity Canvas: JBOSSMQ_HTTPIL_DESERIALIZATION

Description

**Name**| jbossmq_httpil_deserialization
---|---
**CVE**| CVE-2017-7504
**Exploit Pack**| [CANVAS](<http://www.immunityinc.com/products-canvas.shtml>)
**Description**| jboss_java_deserialization_rce
**Notes**| CVE Name: CVE-2017-7504<br>VENDOR: Red Hat<br>NOTES: HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which is enabled by default in Red Hat Jboss Application Server <= Jboss 4.X, does not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized data.<br>VersionsAffected: Red Hat Jboss Application Server <= Jboss 4.X<br>Repeatability: Infinite<br>References: CVE Url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7504<br>Date public: 05/19/2017<br>CVSS: 9.8

