CVE-2016-9585

MEDIUM

Redhat Jboss Enterprise Application P... - Insecure Deserialization

Title source: rule

Description

Red Hat JBoss EAP version 5 is vulnerable to a deserialization of untrusted data in the JMX endpoint when deserializes the credentials passed to it. An attacker could exploit this vulnerability resulting in a denial of service attack.

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/94932

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=1404528

Scores

CVSS v3 5.3

EPSS 0.0018

EPSS Percentile 39.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

Classification

CWE

CWE-502

Status published

Affected Products (1)

redhat/jboss_enterprise_application_platform

Timeline

Published Mar 09, 2018

Tracked Since Feb 18, 2026