Security Advisory

CVE-2017-12149

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2017-10-04 20:00:00

Last updated 2025-10-21 23:55:31

Assigner redhat

State PUBLISHED

Description

In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization and thus allowing an attacker to execute arbitrary code via crafted serialized data.

← Browse all CVEs View on cve.org ↗