EUVD-2016-4714

Malware in sbrugna...

Red Hat JBoss Enterprise Application Platform Remote Code Execution Vulnerability

Red Hat JBoss Enterprise Application Platform EAP is the United States Red Hat Red Hat company's set of open source, J2EE-based middleware platform. The platform is mainly used to build, deploy and host Java applications and services. A remote code execution vulnerability exists in the...

Design/Logic Flaw

The PooledInvokerServlet in JBoss EAP 4.x and 5.x allows remote attackers to execute arbitrary code via a crafted serialized payload...

CVE-2016-3690

The PooledInvokerServlet in JBoss EAP 4.x and 5.x allows remote attackers to execute arbitrary code via a crafted serialized payload...

CVE-2016-3690

The PooledInvokerServlet in JBoss EAP 4.x and 5.x allows remote attackers to execute arbitrary code via a crafted serialized payload...

CVE-2016-3690

CVE-2016-3690 affects JBoss EAP 4.x/5.x where the PooledInvokerServlet deserializes crafted payloads, enabling remote code execution. The vulnerability stems from insecure deserialization in the servlet, allowing an attacker to run arbitrary code on the JVM. Red Hat guidance notes that the Pooled...

CVE-2016-3690

It was discovered that the LegacyInvokerServlet is exposed on all network interfaces and deserializes objects sent to it. An attacker could use this flaw to cause remote code execution in the JVM running it. Mitigation The PooledInvokerServlet is no longer required and can be removed by following...