Lucene search

K

[email protected]NVD:CVE-2010-3708

HistoryDec 30, 2010 - 9:00 p.m.

CVE-2010-3708

2010-12-3021:00:01

CWE-20

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.113 Low

EPSS

Percentile

95.2%

The serialization implementation in JBoss Drools in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 before 4.3.0.CP09 and JBoss Enterprise SOA Platform 4.2 and 4.3 supports the embedding of class files, which allows remote attackers to execute arbitrary code via a crafted static initializer.

Affected configurations

NVD

Node

redhatjboss_enterprise_application_platformMatch4.3.0

OR

redhatjboss_enterprise_application_platformMatch4.3.0cp01

OR

redhatjboss_enterprise_application_platformMatch4.3.0cp02

OR

redhatjboss_enterprise_application_platformMatch4.3.0cp03

OR

redhatjboss_enterprise_application_platformMatch4.3.0cp04

OR

redhatjboss_enterprise_application_platformMatch4.3.0cp05

OR

redhatjboss_enterprise_application_platformMatch4.3.0cp06

OR

redhatjboss_enterprise_application_platformMatch4.3.0cp07

OR

redhatjboss_enterprise_application_platformMatch4.3.0cp08

Node

redhatjboss_enterprise_soa_platformMatch4.2.0

OR

redhatjboss_enterprise_soa_platformMatch4.2.0cp01

OR

redhatjboss_enterprise_soa_platformMatch4.2.0cp02

OR

redhatjboss_enterprise_soa_platformMatch4.2.0cp03

OR

redhatjboss_enterprise_soa_platformMatch4.2.0cp04

OR

redhatjboss_enterprise_soa_platformMatch4.2.0cp05

OR

redhatjboss_enterprise_soa_platformMatch4.2.0tp02

OR

redhatjboss_enterprise_soa_platformMatch4.3.0

OR

redhatjboss_enterprise_soa_platformMatch4.3.0cp01

OR

redhatjboss_enterprise_soa_platformMatch4.3.0cp02

OR

redhatjboss_enterprise_soa_platformMatch4.3.0cp03

OR

redhatjboss_enterprise_soa_platformMatch4.3.0cp04

References

securitytracker.com/id?1024813

www.redhat.com/support/errata/RHSA-2010-0937.html

www.redhat.com/support/errata/RHSA-2010-0938.html

www.redhat.com/support/errata/RHSA-2010-0939.html

www.redhat.com/support/errata/RHSA-2010-0940.html

bugzilla.redhat.com/show_bug.cgi?id=633859

issues.jboss.org/browse/SOA-2319

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.113 Low

EPSS

Percentile

95.2%

Related for NVD:CVE-2010-3708

ubuntucve1 veracode1 github1 osv1 prion1 cve1 cvelist1 redhat2 openvas1 nessus2