5 matches found

0day.today
added 2017/11/27 12:0 a.m. · 73 views

JBOSSAS 4.x Deserializer Vulnerability

Exploit for Java platform in category web applications. JBOSSAS 4.x Deserializer Vulnerability. The MITRE CVE dictionary describes this issue as: https://access.redhat.com/security/cve/cve-2017-7504 HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which is...

CVSS 7.5 · AI score 9.2 · EPSS 0.90282
Exploits: 5

OSV
added 2017/05/19 8:29 p.m. · 2 views

CVE-2017-7504

HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which is enabled by default in Red Hat Jboss Application Server <= Jboss 4.X does not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via...

CVSS 9.8 · AI score 7.6
Exploits: 0 · References: 2

Cvelist
added 2017/05/19 8:0 p.m. · 21 views

CVE-2017-7504

HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which is enabled by default in Red Hat Jboss Application Server <= Jboss 4.X does not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via...

AI score 9.8 · EPSS 0.90282
Exploits: 5 · References: 2

RedhatCVE
added 2017/05/19 7:20 a.m. · 41 views

CVE-2017-7504

HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which is enabled by default in Red Hat Jboss Application Server <= Jboss 4.X does not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via...

CVSS 9.8 · AI score 9.5 · EPSS 0.90282
Exploits: 5 · References: 1

Positive Technologies
added 2017/05/19 12:0 a.m. · 4 views

PT-2017-17777 · Red Hat · Jboss Application Server +1

Name of the Vulnerable Software and Affected Versions: Jboss Application Server versions prior to 5.0. Description: The issue allows remote attackers to execute arbitrary code via crafted serialized data due to a lack of restriction on the classes for which deserialization is performed in the JMS...

CVSS 9.8 · AI score 9.7 · EPSS 0.90282
Exploits: 5 · References: 7