Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Jboss Deserialization of Untrusted Data Vulnerability - CVE-2017-7504 - Vulnerability Database
Jboss EAP

Jboss Deserialization of Untrusted Data Vulnerability - CVE-2017-7504

Critical
Reference: CVE-2017-7504
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2017-7504
Title: Jboss Deserialization of Untrusted Data Vulnerability
Overview:

HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation which is enabled by default in Red Hat Jboss Application Server Jboss 4.X does not restrict the classes for which it performs deserialization which allows remote attackers to execute arbitrary code via crafted serialized data.