CVE-2017-7504
CVE-2017-7504
HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which is enabled by default in Red Hat Jboss Application Server <= Jboss 4.X does not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized data.
Produtos afetados
Red Hat, Inc. · JBossQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →