SonicALERT

Sonicwall Signatures

 



  Red Hat JBoss Application Server Insecure Deserialization

Category: WEB-ATTACKS      

In JBoss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict the classes it will deserialize, which allows an attacker to execute arbitrary code via crafted serialized data.

References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12149

