2 matches found
JBOSSAS 5.x/6.x Deserializer Vulnerability
Exploit for java platform in category web applications JBOSSAS 5.x/6.x Deserializer Vulnerability https://access.redhat.com/security/cve/cve-2017-12149 CVE-2017-12149 It was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it...
JBOSSAS 5.x/6.x 反序列化命令执行漏洞(CVE-2017-12149)
CVE-2017-12149 It was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization. This allows an attacker to execute arbitrary code via crafted serialized data. Find out more about CVE-2017-12149 from the MITRE CV...