Description

A vulnerability has been identified in JBoss Enterprise Application Platform. An authenticated remote attacker could exploit it to cause a denial of service or potentially execute arbitrary code by sending an HTTP request that encapsulates specially crafted serialized Java objects.

This vulnerability stems from a lack of verification of serialized inputs by the JMX servlet.

Updated, 05/12/2016: A proof of concept is available.

Vulnerable Products

Vulnerable OS: Enterprise Application Platform (JBoss Inc.) - 4, 5

Solution

No solution for the moment.

CVE

CVE-2016-7065

References

- Bugzilla: JBoss EAP 5 JMX servlet deserializes Java objects sent via HTTP
  https://bugzilla.redhat.com/show_bug.cgi?id=1382534

Vulnerability Manager Detection

No

IPS Protection