Posted by Agazzini Maurizio on Nov 25
Security Advisory (#05, 23/11/2016)
@ Mediaservice.net Srl, Data Security Division
Title: Red Hat JBoss EAP deserialization of untrusted data
Application: JBoss EAP 5.2.X and prior versions
Description: The application server deserializes untrusted data via
the JMX Invoker Servlet. This can lead to a DoS via
resource exhaustion and potentially remote code…