CVE-2017-7504CRITICALCVSS 9.8v4.x2017-05-19
CVE-2017-7504 [CRITICAL] CWE-502 CVE-2017-7504: HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which is e
HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which is enabled by default in Red Hat Jboss Application Server <= Jboss 4.X does not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized data.
cvelistv5nvd