CVE-2017-7504
CVE-2017-7504
HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which is enabled by default in Red Hat Jboss Application Server <= Jboss 4.X does not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized data.
Productos afectados
Red Hat, Inc. · JBoss¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →