Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatcveRedhat.comRH:CVE-2016-8648
HistoryNov 24, 2016 - 6:47 a.m.

CVE-2016-8648

2016-11-2406:47:35
redhat.com
access.redhat.com
20

0.001 Low

EPSS

Percentile

40.6%

JSON

It was found that the Karaf container used by Red Hat JBoss Fuse 6.x, and Red Hat JBoss A-MQ 6.x, deserializes objects passed to MBeans via JMX operations. An attacker could use this flaw to execute remote code on the server as the user running the Java Virtual Machine if the target MBean contain deserialization gadgets in its classpath.

Mitigation

In order to exploit this issue you need to have credentials of a user with the 'admin' role. Therefore a good mitigation against this attack is to set a strong password for any user with the 'admin' role in the 'etc/users.properties' file of the Red Hat JBoss Fuse 6, or Red Hat JBoss AM-Q 6.

Related

nvd 1
cvelist 1
cve 1
prion 1
nvd
nvd
CVE-2016-8648
2018-08-01 14:29:00
cvelist
cvelist
CVE-2016-8648
2018-08-01 14:00:00
cve
cve
CVE-2016-8648
2018-08-01 14:29:00
prion
prion
Deserialization of untrusted data
2018-08-01 14:29:00

0.001 Low

EPSS

Percentile

40.6%

JSON
Related for RH:CVE-2016-8648
nvd1cvelist1cve1prion1