Lucene search

K

Ubuntu.comUB:CVE-2017-12149

HistoryOct 04, 2017 - 12:00 a.m.

CVE-2017-12149

2017-10-0400:00:00

ubuntu.com

ubuntu.com

24

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.938

Percentile

99.2%

In Jboss Application Server as shipped with Red Hat Enterprise Application
Platform 5.2, it was found that the doFilter method in the
ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for
which it performs deserialization and thus allowing an attacker to execute
arbitrary code via crafted serialized data.

References

bugzilla.redhat.com/show_bug.cgi?id=1486220

launchpad.net/bugs/cve/CVE-2017-12149

nvd.nist.gov/vuln/detail/CVE-2017-12149

security-tracker.debian.org/tracker/CVE-2017-12149

www.cve.org/CVERecord?id=CVE-2017-12149

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.938

Percentile

99.2%

Related for UB:CVE-2017-12149

checkpoint_advisories2 redhat2 zdt1 veracode1 cisa_kev1 cvelist1 cve1 seebug1 attackerkb1 nessus1 prion1 nvd1 redhatcve1 nuclei1 thn1 threatpost1 metasploit1 packetstorm1 cisa2 impervablog1 qualysblog1 githubexploit2