6 matches found
Deserialization of untrusted data
The server in Red Hat JBoss Operations Network (JON), when SSL authentication is not configured for JON server / agent communication, allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization. NOTE: this vulnerability exists because of an...
CVE-2016-3737
It was discovered that sending a specially crafted HTTP request to the JON server would allow deserialization of that message without authentication. An attacker could use this flaw to cause remote code execution. Mitigation: Apply the configuration changes described in the documentation here: For...
CVE-2016-6330
The server in Red Hat JBoss Operations Network (JON), when SSL authentication is not configured for JON server / agent communication, allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization. NOTE: this vulnerability exists because of an...
CVE-2016-3737
The server in Red Hat JBoss Operations Network (JON) before 3.3.6 allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization...
CVE-2016-3737
The CVE-2016-3737 entry concerns Red Hat JBoss Operations Network (JON) prior to 3.3.6, where remote code execution is possible through a crafted HTTP request due to deserialization issues in the JON server. The issue is tied to message deserialization and is referenced across several feeds (NVD,...
Red Hat JBoss Operations Network (JON) < 3.3.6 Deserialization RCE Vulnerability
Red Hat JBoss Operations Network (JON) is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE...