CVE-2015-0297
First published: Fri Apr 24 2015(Updated: )
Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute arbitrary Java methods via the (1) ServerInvokerServlet or (2) SchedulerService or (3) cause a denial of service (disk consumption) via the ContentManager.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat JBoss Operations Network | =3.3.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-0297?
CVE-2015-0297 has been classified as a critical severity vulnerability.
How do I fix CVE-2015-0297?
To fix CVE-2015-0297, upgrade to Red Hat JBoss Operations Network version 3.3.2 or later.
What type of attacks can exploit CVE-2015-0297?
CVE-2015-0297 can be exploited to execute arbitrary Java methods or cause denial of service through disk consumption.
Which version of Red Hat JBoss Operations Network is affected by CVE-2015-0297?
Red Hat JBoss Operations Network version 3.3.1 is affected by CVE-2015-0297.
Is remote access required to exploit CVE-2015-0297?
Yes, CVE-2015-0297 allows remote attackers to exploit the vulnerability without authentication.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/redhat
- canonical/red hat jboss operations network
- version/red hat jboss operations network/3.3.1