ID:3810 - Exploit for Deserialization of Untrusted Data in JBoss Enterprise Application Platform - CVE-2016-7065

 

Published: August 9, 2020


Vulnerability identifier: #VU40073
Vulnerability risk: High
CVE-ID: CVE-2016-7065
CWE-ID: CWE-502
Exploitation vector: Remote access
Vulnerable software:
JBoss Enterprise Application Platform

Link to public exploit:


Vulnerability description

The vulnerability allows a remote authenticated user to execute arbitrary code.

The JMX servlet in Red Hat JBoss Enterprise Application Platform (EAP) 4 and 5 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object.


Remediation

Install the update from the vendor's website.