securitony (3)

Last Login: May 03, 2022
Assessments
1
Score
3

securitony's Latest (1) Contributions

2
Ratings
  • Attacker Value
    High
  • Exploitability
    Very High
Technical Analysis

Several Red Hat JBoss products (JBoss Middleware Suite) widely used in enterprise environments were found to be vulnerable to a Java object serialization flaw. Exploit code is publicly available and PoC exploits are easy to develop, which allows attackers to execute arbitrary code on the affected servers with the permissions of the JBoss application.
The vulnerability resides in the Apache Commons Collections library, which allows deserialization of untrusted user input in JBoss and many other software products (for more information: https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/),