Lucene search
Ubuntu.comUB:CVE-2010-3708HistoryDec 30, 2010 - 12:00 a.m.
CVE-2010-3708
2010-12-3000:00:00
ubuntu.com
ubuntu.com
7
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.113 Low
EPSS
Percentile
95.2%
The serialization implementation in JBoss Drools in Red Hat JBoss
Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 before
4.3.0.CP09 and JBoss Enterprise SOA Platform 4.2 and 4.3 supports the
embedding of class files, which allows remote attackers to execute
arbitrary code via a crafted static initializer.
Bugs
- <https://issues.jboss.org/browse/SOA-2319>
- <https://bugzilla.redhat.com/show_bug.cgi?id=633859>
- <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=581226>
Notes
| Author | Note |
|---|---|
| mdeslaur | debian says not affected. need to check. |
Related
prion
prion
Design/Logic Flaw
2010-12-30 21:00:00
cve
cve
CVE-2010-3708
2010-12-30 21:00:01
cvelist
cvelist
CVE-2010-3708
2010-12-30 20:00:00
nvd
nvd
CVE-2010-3708
2010-12-30 21:00:01
veracode
veracode
Remote Code Execution (RCE)
2020-04-10 00:50:35
osv
osv
github
github
openvas
openvas
nessus
nessus
RHEL 4 : JBoss EAP (RHSA-2010:0937)
2013-01-24 00:00:00
RHEL 5 : JBoss EAP (RHSA-2010:0938)
2013-01-24 00:00:00
redhat
redhat
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.113 Low
EPSS
Percentile
95.2%
Related for UB:CVE-2010-3708