REDHAT-BUG-1382534
First published: Fri Oct 07 2016(Updated: )
JBoss EAP 4 and 5 JMX servlet is exposed on port 8080/TCP with authentication by default. The communication employs serialized Java objects, encapsulated in HTTP requests and responses. The server deserializes these objects. This behavior can be exploited to cause a denial of service and potentially execute arbitrary code.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat JBoss Enterprise Application Platform | >=4.0<6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of REDHAT-BUG-1382534?
The severity of REDHAT-BUG-1382534 is considered high as it can lead to a denial of service.
How do I fix REDHAT-BUG-1382534?
To fix REDHAT-BUG-1382534, upgrade to a version of JBoss EAP that is beyond 6.0.
What systems are affected by REDHAT-BUG-1382534?
REDHAT-BUG-1382534 affects Red Hat JBoss EAP versions 4.0 through 6.0.
Can REDHAT-BUG-1382534 be exploited remotely?
Yes, REDHAT-BUG-1382534 can potentially be exploited remotely due to the JMX servlet exposed on port 8080.
What type of attack can REDHAT-BUG-1382534 facilitate?
REDHAT-BUG-1382534 can facilitate denial of service attacks through the deserialization of malicious Java objects.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2016-7065
- agent/severity
- agent/references
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/red hat
- canonical/red hat jboss enterprise application platform