Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-7065: Deserialization of Untrusted Data in Red Hat JBoss Enterprise Application Platform

Severity: 8.8 HIGH (NVD)
EPSS: 12.1% (top 6.18%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Oct 13; latest update Aug 17

Description

The JMX servlet in Red Hat JBoss Enterprise Application Platform (EAP) 4 and 5 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (Exploitability: 2.8 | Impact: 5.9)

Affected Packages (1 package)

Vulnerability Details (2)

GHSA, GHSA-4pfh-2w89-vqv4 (2022-05-17): The JMX servlet in Red Hat JBoss Enterprise Application Platform (EAP) 4 and 5 allows remote authenticated users to cause a denial of service and poss…
CVEList, CVE-2016-7065 (2016-10-13): The JMX servlet in Red Hat JBoss Enterprise Application Platform (EAP) 4 and 5 allows remote authenticated users to cause a denial of service and poss…

Exploits & PoCs (1)

Exploit-DB (2016-11-28): Red Hat JBoss EAP - Deserialization of Untrusted Data

Vendor Advisories (1)

Red Hat (2016-10-07): JBoss EAP 5 JMX servlet deserializes Java objects sent via HTTP

Research Papers (1)

arXiv (2022-08-17): An In-depth Study of Java Deserialization Remote-Code Execution Exploits and Vulnerabilities

Community (1)

Bugzilla (2016-10-07): CVE-2016-7065 JBoss EAP 5 JMX servlet deserializes Java objects sent via HTTP

CVE-2016-7065: Deserialization of Untrusted Data | cvebase