#VU40073 Deserialization of Untrusted Data in JBoss Enterprise Application Platform - CVE-2016-7065

Updated: 2020-08-09

Vulnerability identifier: #VU40073

Vulnerability risk: High

CVSSv4.0: 7.4 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]

CVE-ID: CVE-2016-7065

CWE-ID: CWE-502

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
JBoss Enterprise Application Platform
Server applications / Application servers

Vendor: Red Hat Inc.

Description

The vulnerability allows a remote authenticated user to execute arbitrary code.

The JMX servlet in Red Hat JBoss Enterprise Application Platform (EAP) 4 and 5 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object.

Mitigation

Install update from vendor's website.

Vulnerable software versions

JBoss Enterprise Application Platform: 4.0.0 - 5.0.0
External links
https://seclists.org/fulldisclosure/2016/Nov/143
https://www.securityfocus.com/bid/93462
https://bugzilla.redhat.com/show_bug.cgi?id=1382534
https://www.exploit-db.com/exploits/40842/
Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.