First published: Tue Aug 29 2017
The JBoss Application Server, shipped with Red Hat Enterprise Application Platform 5.2, allows an attacker to execute arbitrary code via crafted serialized data.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
JBoss Enterprise Application Platform | | |
JBoss Enterprise Application Platform | =5.0.0 | |
JBoss Enterprise Application Platform | =5.0.1 | |
JBoss Enterprise Application Platform | =5.1.0 | |
JBoss Enterprise Application Platform | =5.1.1 | |
JBoss Enterprise Application Platform | =5.1.2 | |
JBoss Enterprise Application Platform | =5.2.0 | |
JBoss Enterprise Application Platform | =5.2.1 | |
JBoss Enterprise Application Platform | =5.2.2 | |
JBoss Application Server | | |
The severity of CVE-2017-12149 is considered critical due to its potential for remote code execution.
To fix CVE-2017-12149, you should update to a patched version of Red Hat JBoss Enterprise Application Platform beyond 5.2.2.
CVE-2017-12149 affects Red Hat JBoss Enterprise Application Platform versions 5.0.0 through 5.2.2.
Yes, CVE-2017-12149 can be exploited remotely by sending crafted serialized data to the affected application.
CVE-2017-12149 is a deserialization vulnerability that can lead to the execution of arbitrary code.