logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2017-7504

Description

HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which is enabled by default in Red Hat Jboss Application Server <= Jboss 4.X does not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized data.


Affected Software


CPE Name Name Version
redhat:jboss_enterprise_application_platform redhat jboss enterprise application platform 4.0

Related