5 matches found
Design/Logic Flaw
JBoss Drools, Red Hat JBoss BRMS before 6.0.1, and Red Hat JBoss BPM Suite before 6.0.1 allows remote authenticated users to execute arbitrary Java code via a 1 MVFLEX Expression Language MVEL or 2 Drools expression...
CVE-2013-6468
JBoss Drools, Red Hat JBoss BRMS before 6.0.1, and Red Hat JBoss BPM Suite before 6.0.1 allows remote authenticated users to execute arbitrary Java code via a 1 MVFLEX Expression Language MVEL or 2 Drools expression...
Drools任意代码执行漏洞
Bugtraq ID:66659 CVE ID:CVE-2013-6468 Drools具有一个易于访问企业策略、易于调整以及易于管理的开源业务规则引擎,符合业内标准,速度快、效率高。 Drools存在一个安全漏洞,允许远程通过验证的攻击者在MVEL或者Drools表达式中提交任意Java代码,可以应用服务安全上下文执行任意代码。 0 Drools 目前厂商已经发布了升级补丁以修复漏洞,请下载使用: https://rhn.redhat.com/errata/RHSA-2014-0371.html...
Drools: Remote Java Code Execution in MVEL
JBoss Drools, Red Hat JBoss BRMS before 6.0.1, and Red Hat JBoss BPM Suite before 6.0.1 allows remote authenticated users to execute arbitrary Java code via a 1 MVFLEX Expression Language MVEL or 2 Drools expression...
Drools: Remote Java Code Execution in MVEL
JBoss Drools, Red Hat JBoss BRMS before 6.0.1, and Red Hat JBoss BPM Suite before 6.0.1 allows remote authenticated users to execute arbitrary Java code via a 1 MVFLEX Expression Language MVEL or 2 Drools expression...