Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatcveRedhat.comRH:CVE-2016-3737
HistoryAug 26, 2016 - 1:12 a.m.

CVE-2016-3737

2016-08-2601:12:40
redhat.com
access.redhat.com
9

0.008 Low

EPSS

Percentile

81.6%

JSON

It was discovered that sending specially crafted HTTP request to the JON server would allow deserialization of that message without authentication. An attacker could use this flaw to cause remote code execution.

Mitigation

Apply the configuration changes described in the documentation here: <https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Operations_Network/3.3/html/Admin_and_Config/JBoss_ON_and_SSL-Authentication.html&gt;
For more information, refer to <https://access.redhat.com/articles/2570101&gt;.

Related

nvd 2
openvas 1
cve 2
nessus 1
cvelist 2
prion 2
redhatcve 1
redhat 1
nvd
nvd
CVE-2016-3737
2016-08-02 14:59:01
CVE-2016-6330
2016-09-27 15:59:06
openvas
openvas
Red Hat JBoss Operations Network (JON) < 3.3.6 Deserialization RCE Vulnerability
2016-07-28 00:00:00
cve
cve
CVE-2016-3737
2016-08-02 14:59:01
CVE-2016-6330
2016-09-27 15:59:06
nessus
nessus
Red Hat JBoss Operations Network Java Object Deserialization RCE
2016-06-06 00:00:00
cvelist
cvelist
CVE-2016-3737
2016-08-02 14:00:00
CVE-2016-6330
2016-09-27 15:00:00
prion
prion
Deserialization of untrusted data
2016-08-02 14:59:00
Deserialization of untrusted data
2016-09-27 15:59:00
redhatcve
redhatcve
CVE-2016-6330
2016-08-22 01:18:41
redhat
redhat
(RHSA-2016:1519) Critical: Red Hat JBoss Operations Network 3.3.6 update
2016-07-27 15:19:01

0.008 Low

EPSS

Percentile

81.6%

JSON
Related for RH:CVE-2016-3737
nvd2openvas1cve2nessus1cvelist2prion2redhatcve1redhat1