Nessus plugin: jboss_eap_dofilter_rce.nbin

JBoss Enterprise Application Platform doFilter() Method Insecure Deserialization RCE

Published: Apr 24, 2018
This script is Copyright (C) 2018-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com

The JBoss Application Server installed on the remote host is affected by a remote code execution vulnerability. The doFilter() method of the ReadOnlyAccessFilter class in the HTTP Invoker service does not restrict the classes it deserializes.
This allows a remote, unauthenticated attacker to execute arbitrary code via crafted serialized data.

To conduct a more accurate test and obtain precise evidence of RCE exploitation, enable the 'Perform thorough tests (may disrupt your network or impact scan speed)' setting in the scan configuration.

Binary data jboss_eap_dofilter_rce.nbin
Affected product:
Vendor: redhat
Product: jboss_enterprise_application_platform
Version: (not specified)
CPE: cpe:/a:redhat:jboss_enterprise_application_platform