CVE-2016-8648
First published: Wed Aug 01 2018(Updated: )
It was found that the Karaf container used by Red Hat JBoss Fuse 6.x, and Red Hat JBoss A-MQ 6.x, deserializes objects passed to MBeans via JMX operations. An attacker could use this flaw to execute remote code on the server as the user running the Java Virtual Machine if the target MBean contain deserialization gadgets in its classpath.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Jboss A-mq | =6.0.0 | |
| Redhat Jboss Fuse | =6.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2016-8648?
CVE-2016-8648 is a vulnerability found in the Karaf container used by Red Hat JBoss Fuse 6.x and Red Hat JBoss A-MQ 6.x.
How does CVE-2016-8648 impact affected software?
CVE-2016-8648 allows an attacker to execute remote code on the server if the target MBean contains deserialized objects passed through JMX operations.
What is the severity level of CVE-2016-8648?
CVE-2016-8648 has a severity level of high with a CVSS score of 7.2.
How can I fix CVE-2016-8648 vulnerability?
To fix the CVE-2016-8648 vulnerability, it is recommended to apply the necessary security patches provided by Red Hat.
Where can I find more information about CVE-2016-8648?
You can find more information about CVE-2016-8648 on the following references: [1] http://www.securityfocus.com/bid/94513 [2] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8648
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- vendor/redhat
- canonical/redhat jboss a-mq
- version/redhat jboss a-mq/6.0.0
- canonical/redhat jboss fuse
- version/redhat jboss fuse/6.0.0