Vulnerability Change Records for CVE-2017-12149

Change History

CVE Modified by Red Hat, Inc. 1/18/2018 1:18:08 PM

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | | https://github.com/gottburgm/Exploits/tree/master/CVE-2017-12149 [No Types Assigned] |

CVE Modified by Red Hat, Inc. 10/09/2019 7:22:22 PM

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | CWE | | Red Hat, Inc. CWE-502 |

CVE Modified by Red Hat, Inc. 10/05/2017 9:29:00 PM

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Changed | Description | In Jboss Application Server as shipped with RedHat Enterprise Application Platform 5.2, it was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization and thus allowing an attacker to execute arbitrary code via crafted serialized data. | In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization and thus allowing an attacker to execute arbitrary code via crafted serialized data. |
| Added | Reference | | http://www.securityfocus.com/bid/100591 [No Types Assigned] |

CVE Modified by Red Hat, Inc. 5/19/2018 9:29:00 PM

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | | https://access.redhat.com/errata/RHSA-2018:1607 [No Types Assigned] |
| Added | Reference | | https://access.redhat.com/errata/RHSA-2018:1608 [No Types Assigned] |