Red Hat JBoss EAP deserialization of untrusted data

Posted by Agazzini Maurizio on Nov 25

Security Advisory @ Mediaservice.net Srl
(#05, 23/11/2016) Data Security Division

Title: Red Hat JBoss EAP deserialization of untrusted data
Application: JBoss EAP 5.2.X and prior versions
Description: The application server deserializes untrusted data via
the JMX Invoker Servlet. This can lead to a DoS via
resource exhaustion and potentially remote code…
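The risk the description names is unconstrained deserialization of whatever the client sends. As an added defensive illustration (not code from the advisory or from JBoss), this Java 9+ snippet shows a server-side read done under an ObjectInputFilter that allowlists only the types the endpoint expects and caps graph depth, array length, reference count and byte count, so a hostile stream is rejected before its readObject runs rather than exhausting resources. The allowlisted types (a list of strings) and the limit values are assumptions for the example.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.util.ArrayList;
import java.util.List;

public class FilteredDeserialization {

    // Assumed allowlist: this endpoint legitimately expects only an ArrayList of
    // Strings. "!*" rejects every other class; the limits bound the object graph
    // so a crafted stream cannot drive memory or CPU exhaustion during the read.
    static final ObjectInputFilter FILTER = ObjectInputFilter.Config.createFilter(
        "java.util.ArrayList;java.lang.String;java.lang.Object;!*;maxdepth=8;maxarray=1000;maxrefs=5000;maxbytes=65536");

    // Deserialize one payload under the filter. A rejected class surfaces as
    // java.io.InvalidClassException, which the caller can log and drop.
    static Object readFiltered(byte[] payload) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(payload))) {
            in.setObjectInputFilter(FILTER);
            return in.readObject();
        }
    }

    // Helper used only to build constructed sample payloads for the demo.
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(o);
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Constructed benign input of the expected shape: accepted.
        List<String> expected = new ArrayList<>(List.of("a", "b"));
        System.out.println("accepted: " + readFiltered(serialize(expected)));

        // Constructed input of a type outside the allowlist: the filter rejects
        // it at the class-descriptor stage, before any of its code executes.
        try {
            readFiltered(serialize(new java.util.HashMap<String, String>()));
        } catch (java.io.InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The same filter can be installed process-wide with ObjectInputFilter.Config.setSerialFilter, which is the appropriate choice when the application server, not your own code, owns the ObjectInputStream.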
