7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.113 Low
EPSS
Percentile
95.2%
The serialization implementation in JBoss Drools in Red Hat JBoss
Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 before
4.3.0.CP09 and JBoss Enterprise SOA Platform 4.2 and 4.3 supports the
embedding of class files, which allows remote attackers to execute
arbitrary code via a crafted static initializer.
Author | Note |
---|---|
mdeslaur | debian says not affected. need to check. |