CVE-2017-7504
CVE-2017-7504
HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which is enabled by default in Red Hat Jboss Application Server <= Jboss 4.X does not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized data.
Affected products
Red Hat, Inc. · JBossWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →