Name | jbossmq_httpil_deserialization |
CVE | CVE-2017-7504 |
Exploit Pack | CANVAS |
Description | jboss_java_deserialization_rce |
Notes | HTTPServerILServlet.java in the JMS over HTTP Invocation Layer of the JBossMQ implementation, which is enabled by default in Red Hat JBoss Application Server <= JBoss 4.X, does not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized data. |
CVE Name | CVE-2017-7504 |
Vendor | Red Hat |
Versions Affected | Red Hat JBoss Application Server <= JBoss 4.X |
Repeatability | Infinite |
References | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7504 |
Date public | 05/19/2017 |
CVSS | 9.8 |