Attacker Value

High

(1 user assessed)

Exploitability

Very High

(1 user assessed)

User Interaction

CVE-2017-12149

Disclosure Date: October 04, 2017 •

CVE-2017-12149 CVSS v3 Base Score: 9.8

Exploited in the Wild

Reported by gwillcox-r7 and 1 more...
View Source Details

Description

In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization and thus allowing an attacker to execute arbitrary code via crafted serialized data.

Add Assessment

theguly (51)

February 28, 2020 4:30pm UTC (4 years ago)•Edited 4 years ago

Ratings

Attacker Value

High

Exploitability

Very High

Common in enterprise Easy to weaponize Vulnerable in default configuration

Technical Analysis

jboss is widely used in enterprise, and we sometimes found it internet exposed.
there are ready to use exploit and scanner ( https://github.com/joaomatosf/jexboss ) that let an attacker to blindly abuse this.

(un)fortunately, jboss by default runs as limited user, therefore LPE is needed to get root.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

9.8 Critical

Impact Score:

5.9

Exploitability Score:

3.9

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

None

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

Vendors

redhat

Products

jboss enterprise application platform -,
jboss enterprise application platform 5.0.0,
jboss enterprise application platform 5.0.1,
jboss enterprise application platform 5.1.0,
jboss enterprise application platform 5.1.1,
jboss enterprise application platform 5.1.2,
jboss enterprise application platform 5.2.0,
jboss enterprise application platform 5.2.1,
jboss enterprise application platform 5.2.2

Metasploit Modules

JBoss Vulnerability Scanner (https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/jboss_vulnscan.rb)

Exploited in the Wild

Reported by:

gwillcox-r7 indicated sources as

Government or Industry Alert (https://www.cisa.gov/uscert/ncas/current-activity/2021/12/10/cisa-adds-thirteen-known-exploited-vulnerabilities-catalog)
Threat Feed (https://blogs.juniper.net/en-us/threat-research/sysrv-botnet-expands-and-gains-persistence)

Reported: December 06, 2021 3:19pm UTC (2 years ago) • Edited 2 years ago

AttackerKB Worker indicated source as Government or Industry Alert (https://www.cisa.gov/news-events/alerts/2021/12/10/cisa-adds-13-known-exploited-vulnerabilities-catalog)

Reported: November 08, 2024 8:19am UTC (2 weeks ago)

References

Rapid7

High

CVE-2017-12149

High

Very High

None

None

Network

CVE-2017-12149

Description

Add Assessment

Ratings

Technical Analysis

CVSS V3 Severity and Metrics

General Information

Vendors

Products

Metasploit Modules

Exploited in the Wild

References

Canonical

Advisory

Miscellaneous

Additional Info

Technical Analysis

High

CVE-2017-12149

High

Very High

None

None

Network

CVE-2017-12149

Description

Add Assessment

Ratings

Technical Analysis

CVSS V3 Severity and Metrics

General Information

Vendors

Products

Metasploit Modules

Exploited in the Wild

References

Canonical

Advisory

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification