CVE-2014-3518: Code Injection
First published: Tue Jul 22 2014(Updated: )
jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss Enterprise Application Platform (JEAP) 5.2.0, Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal Platform 5.2.2, and Red Hat JBoss SOA Platform 5.3.1, does not properly implement the JSR 160 specification, which allows remote attackers to execute arbitrary code via unspecified vectors.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Jboss Enterprise Application Platform | =5.2.0 | |
| Redhat Jboss Enterprise Brms Platform | =5.3.1 | |
| Redhat Jboss Enterprise Portal Platform | =5.2.2 | |
| Redhat Jboss Enterprise Soa Platform | =5.3.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/severity
- agent/author
- agent/weakness
- agent/references
- agent/type
- agent/event
- agent/tags
- agent/description
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/redhat
- canonical/redhat jboss enterprise application platform
- version/redhat jboss enterprise application platform/5.2.0
- canonical/redhat jboss enterprise brms platform
- version/redhat jboss enterprise brms platform/5.3.1
- canonical/redhat jboss enterprise portal platform
- version/redhat jboss enterprise portal platform/5.2.2
- canonical/redhat jboss enterprise soa platform
- version/redhat jboss enterprise soa platform/5.3.1