CVE-2016-7050

CRITICAL

Redhat Enterprise Linux Desktop - Insecure Deserialization

Title source: rule

Description

SerializableProvider in RESTEasy in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to execute arbitrary code.

References (2)

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2016-2604.html

[Issue Tracking, VDB Entry, Vendor Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=1378613

Scores

CVSS v3 9.8

EPSS 0.0058

EPSS Percentile 68.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-502

Status draft

Affected Products (4)

redhat/enterprise_linux_desktop

redhat/enterprise_linux_hpc_node

redhat/enterprise_linux_server

redhat/enterprise_linux_workstation

Timeline

Published Jun 08, 2017

Tracked Since Feb 18, 2026