PT-2010-5017 · Red Hat · JBoss Drools +2

Marc Schoenefeld · Published 2010-12-30 · Updated 2022-05-17 · CVE-2010-3708

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Red Hat JBoss Enterprise Application Platform versions 4.3 before 4.3.0.CP09
Red Hat JBoss Enterprise SOA Platform versions 4.2 and 4.3

Description
The serialization implementation in JBoss Drools supports the embedding of class files, which allows remote attackers to execute arbitrary code via a crafted static initializer.

Recommendations
For Red Hat JBoss Enterprise Application Platform versions 4.3 before 4.3.0.CP09, apply the fix from Drools 4.0.7 to patch the vulnerability. For Red Hat JBoss Enterprise SOA Platform versions 4.2 and 4.3, apply the fix from Drools 4.0.7 to patch the vulnerability.

Tags: Fix · RCE


Weakness Enumeration

Related identifiers

CVE-2010-3708
GHSA-QVQ6-CW53-RMWG
RHSA-2010:0937
RHSA-2010:0938

Affected products

JBoss Drools
Red Hat JBoss Enterprise Application Platform
Red Hat JBoss Enterprise SOA Platform