CVE-2016-9585 — Deserialization of Untrusted Data in Redhat Jboss Enterprise Application Platform

CWE-502 — Deserialization of Untrusted Data5 documents5 sources

Severity

5.3MEDIUMNVD

EPSS

0.2%

top 60.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

RED HAT INC Eap-5 Redhat Jboss Enterprise Application Platform

Timeline

PublishedMar 9

Latest updateMay 13

Description

Red Hat JBoss EAP version 5 is vulnerable to a deserialization of untrusted data in the JMX endpoint when deserializes the credentials passed to it. An attacker could exploit this vulnerability resulting in a denial of service attack.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.6 | Impact: 3.6

Affected Packages2 packages

▶NVDredhat/jboss_enterprise_application_platform5.0.0

▶CVEListV5red_hat_inc/eap-5EAP-5

🔴Vulnerability Details

GHSA

GHSA-h2jh-xp68-gwgf: Red Hat JBoss EAP version 5 is vulnerable to a deserialization of untrusted data in the JMX endpoint when deserializes the credentials passed to it↗2022-05-13

▶

CVEList

CVE-2016-9585: Red Hat JBoss EAP version 5 is vulnerable to a deserialization of untrusted data in the JMX endpoint when deserializes the credentials passed to it↗2018-03-09

▶

📋Vendor Advisories

Red Hat

EAP-5: unsafe deserialization of user credentials by the JMX endpoint↗2016-12-14

▶

💬Community

Bugzilla

CVE-2016-9585 EAP-5: unsafe deserialization of user credentials by the JMX endpoint↗2016-12-14

▶