VULHUB ™

## The MITRE CVE dictionary describes this issue as: ## HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which is enabled by default in Red Hat Jboss Application Server <= Jboss 4.X does not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized data. Find out more about CVE-2017-7504 from the MITRE CVE dictionary dictionary and NIST NVD. ## Statement ## JBoss 4.x is not supported by Red Hat ## CVSS v3 metrics ## **NOTE**: The following CVSS v3 metrics and score provided are preliminary and subject to review. CVSS3 Base Score 9.8 CVSS3 Base Metrics CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Attack Vector Network Attack Complexity Low Privileges Required None User Interaction None Scope Unchanged Confidentiality High Integrity Impact High Availability Impact High ## Acknowledgements ## Red Hat would like to thank Joao Filho Matos Figueiredo for reporting this issue.

## The MITRE CVE dictionary describes this issue as: ## HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which is enabled by default in Red Hat Jboss Application Server <= Jboss 4.X does not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized data. Find out more about CVE-2017-7504 from the MITRE CVE dictionary dictionary and NIST NVD. ## Statement ## JBoss 4.x is not supported by Red Hat ## CVSS v3 metrics ## **NOTE**: The following CVSS v3 metrics and score provided are preliminary and subject to review. CVSS3 Base Score 9.8 CVSS3 Base Metrics CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Attack Vector Network Attack Complexity Low Privileges Required None User Interaction None Scope Unchanged Confidentiality High Integrity Impact High Availability Impact High ## Acknowledgements ## Red Hat would like to thank Joao Filho Matos Figueiredo for reporting this issue.