CVE-2010-3708
JBoss Enterprise Application Platform and SOA Platform - Remote Code Execution via Serialized Class File Embedding
Title source: llmDescription
The serialization implementation in JBoss Drools in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 before 4.3.0.CP09 and JBoss Enterprise SOA Platform 4.2 and 4.3 supports the embedding of class files, which allows remote attackers to execute arbitrary code via a crafted static initializer.
References (7)
Core 7
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2010-0940.html
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2010-0938.html
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=633859
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2010-0937.html
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2010-0939.html
Various Sources x_refsource_misc
https://issues.jboss.org/browse/SOA-2319
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1024813
Scores
EPSS
0.0302
EPSS Percentile
85.9%
Details
CWE
CWE-20
Status
published
Products (4)
org.drools/drools-core
0 - 4.0.7Maven
redhat/jboss_enterprise_application_platform
4.3.0 (9 CPE variants)
redhat/jboss_enterprise_soa_platform
4.2.0 (7 CPE variants)
redhat/jboss_enterprise_soa_platform
4.3.0 (5 CPE variants)
Published
Dec 30, 2010
Tracked Since
Feb 18, 2026