Lucene search
PRIOn knowledge basePRION:CVE-2010-3708HistoryDec 30, 2010 - 9:00 p.m.
Design/Logic Flaw
2010-12-3021:00:00
PRIOn knowledge base
www.prio-n.com
2
The serialization implementation in JBoss Drools in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 before 4.3.0.CP09 and JBoss Enterprise SOA Platform 4.2 and 4.3 supports the embedding of class files, which allows remote attackers to execute arbitrary code via a crafted static initializer.
References
securitytracker.com/id?1024813
www.redhat.com/support/errata/RHSA-2010-0937.html
www.redhat.com/support/errata/RHSA-2010-0938.html
www.redhat.com/support/errata/RHSA-2010-0939.html
www.redhat.com/support/errata/RHSA-2010-0940.html
bugzilla.redhat.com/show_bug.cgi?id=633859
issues.jboss.org/browse/SOA-2319
Related
ubuntucve
ubuntucve
CVE-2010-3708
2010-12-30 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2020-04-10 00:50:35
github
github
osv
osv
cve
cve
CVE-2010-3708
2010-12-30 21:00:01
cvelist
cvelist
CVE-2010-3708
2010-12-30 20:00:00
nvd
nvd
CVE-2010-3708
2010-12-30 21:00:01
redhat
redhat
openvas
openvas
nessus
nessus
RHEL 4 : JBoss EAP (RHSA-2010:0937)
2013-01-24 00:00:00
RHEL 5 : JBoss EAP (RHSA-2010:0938)
2013-01-24 00:00:00