CVE-2016-8653

CWE-502 — Deserialization of Untrusted Data7 documents7 sources

Severity

5.3MEDIUM

EPSS

0.3%

top 42.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

RED HAT Fuse Redhat Jboss A-mq Redhat Jboss Fuse

Timeline

PublishedAug 1

Latest updateMay 13

Description

It was found that the JMX endpoint of Red Hat JBoss Fuse 6, and Red Hat A-MQ 6 deserializes the credentials passed to it. An attacker could use this flaw to launch a denial of service attack.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

▶NVDredhat/jboss_fuse6.0.0

▶CVEListV5red_hat/fuse6

▶NVDredhat/jboss_a-mq6.0.0

🔴Vulnerability Details

GHSA

GHSA-9f74-frh8-4gmr: It was found that the JMX endpoint of Red Hat JBoss Fuse 6, and Red Hat A-MQ 6 deserializes the credentials passed to it↗2022-05-13

▶

CVEList

CVE-2016-8653: It was found that the JMX endpoint of Red Hat JBoss Fuse 6, and Red Hat A-MQ 6 deserializes the credentials passed to it↗2018-08-01

▶

📋Vendor Advisories

Red Hat

Fuse-6: JMX endpoint deserializes untrusted credentials.↗2016-11-25

▶

🕵️Threat Intelligence

Krebs

Microsoft Issues Emergency Fix for IE Zero Day↗2018-12-19

▶

💬Community

Bugzilla

CVE-2016-8653 Fuse-6: JMX endpoint deserializes untrusted credentials.↗2016-11-25

▶