What is the severity of CVE-2016-3690?

CVE-2016-3690 is considered a critical vulnerability due to unauthorized access and dangerous deserialization issues.

How do I fix CVE-2016-3690?

To fix CVE-2016-3690, you need to update your Red Hat JBoss Enterprise Application Platform to a version that is patched against this vulnerability.

What versions are affected by CVE-2016-3690?

CVE-2016-3690 affects Red Hat JBoss Enterprise Application Platform versions 4.2.0, 4.3.0, 5.0.0, 5.1.0, 5.1.1, 5.1.2, and 5.2.0.

What should I do if I cannot upgrade to a fixed version for CVE-2016-3690?

If upgrading is not possible, consider implementing security measures such as network access controls and application-level security to mitigate the risk from CVE-2016-3690.

Is CVE-2016-3690 related to any other vulnerabilities?

Yes, CVE-2016-3690 is one of the attack vectors for CVE-2015-7501, indicating an interconnected vulnerability scenario.

Vulnerability/
CVE-2016-3690

critical

9.8

CWE

502

14/4/2016

8/6/2017

6/8/2024

CVE-2016-3690

First published: Thu Apr 14 2016(Updated: )

The HA Pooled Invoker allows unauthorised access, and deserializes any payload sent to it. This is one of the attack vectors for <a href="https://access.redhat.com/security/cve/CVE-2015-7501">CVE-2015-7501</a>. There are many new gadget chains available in the ysoserial project. For example the Beanshell library could be used to create a malicious serialized object. When deserialized by the HA Pooled Invoker servlet allows remote code execution.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Red Hat JBoss Enterprise Application Platform	=4.2.0
Red Hat JBoss Enterprise Application Platform	=4.3.0
Red Hat JBoss Enterprise Application Platform	=5.0.0
Red Hat JBoss Enterprise Application Platform	=5.1.0
Red Hat JBoss Enterprise Application Platform	=5.1.1
Red Hat JBoss Enterprise Application Platform	=5.1.2
Red Hat JBoss Enterprise Application Platform	=5.2.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-3690?
CVE-2016-3690 is considered a critical vulnerability due to unauthorized access and dangerous deserialization issues.
How do I fix CVE-2016-3690?
To fix CVE-2016-3690, you need to update your Red Hat JBoss Enterprise Application Platform to a version that is patched against this vulnerability.
What versions are affected by CVE-2016-3690?
CVE-2016-3690 affects Red Hat JBoss Enterprise Application Platform versions 4.2.0, 4.3.0, 5.0.0, 5.1.0, 5.1.1, 5.1.2, and 5.2.0.
What should I do if I cannot upgrade to a fixed version for CVE-2016-3690?
If upgrading is not possible, consider implementing security measures such as network access controls and application-level security to mitigate the risk from CVE-2016-3690.
Is CVE-2016-3690 related to any other vulnerabilities?
Yes, CVE-2016-3690 is one of the attack vectors for CVE-2015-7501, indicating an interconnected vulnerability scenario.

agent/type
agent/softwarecombine
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/weakness
agent/author
agent/severity
agent/references
agent/event
agent/description
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2016-3690
agent/trending
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/redhat
canonical/red hat jboss enterprise application platform
version/red hat jboss enterprise application platform/4.2.0
version/red hat jboss enterprise application platform/4.3.0
version/red hat jboss enterprise application platform/5.0.0
version/red hat jboss enterprise application platform/5.1.0
version/red hat jboss enterprise application platform/5.1.1
version/red hat jboss enterprise application platform/5.1.2
version/red hat jboss enterprise application platform/5.2.0

Frequently Asked Questions

What is the severity of CVE-2016-3690?
CVE-2016-3690 is considered a critical vulnerability due to unauthorized access and dangerous deserialization issues.
How do I fix CVE-2016-3690?
To fix CVE-2016-3690, you need to update your Red Hat JBoss Enterprise Application Platform to a version that is patched against this vulnerability.
What versions are affected by CVE-2016-3690?
CVE-2016-3690 affects Red Hat JBoss Enterprise Application Platform versions 4.2.0, 4.3.0, 5.0.0, 5.1.0, 5.1.1, 5.1.2, and 5.2.0.
What should I do if I cannot upgrade to a fixed version for CVE-2016-3690?
If upgrading is not possible, consider implementing security measures such as network access controls and application-level security to mitigate the risk from CVE-2016-3690.
Is CVE-2016-3690 related to any other vulnerabilities?
Yes, CVE-2016-3690 is one of the attack vectors for CVE-2015-7501, indicating an interconnected vulnerability scenario.

CVE-2016-3690

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-3690?

How do I fix CVE-2016-3690?

What versions are affected by CVE-2016-3690?

What should I do if I cannot upgrade to a fixed version for CVE-2016-3690?

Is CVE-2016-3690 related to any other vulnerabilities?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2016-3690?

How do I fix CVE-2016-3690?

What versions are affected by CVE-2016-3690?

What should I do if I cannot upgrade to a fixed version for CVE-2016-3690?

Is CVE-2016-3690 related to any other vulnerabilities?