jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss Enterprise Application Platform (JEAP) 5.2.0, Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal Platform 5.2.2, and Red Hat JBoss SOA Platform 5.3.1, does not properly implement the JSR 160 specification, which allows remote attackers to execute arbitrary code via unspecified vectors.
References
Link | Resource |
---|---|
http://rhn.redhat.com/errata/RHSA-2014-0887.html | Vendor Advisory |
http://rhn.redhat.com/errata/RHSA-2014-0887.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 02:08
Type | Values Removed | Values Added |
---|---|---|
References | () http://rhn.redhat.com/errata/RHSA-2014-0887.html - Vendor Advisory |
Information
Published : 2014-07-22 20:55
Updated : 2024-11-21 02:08
NVD link : CVE-2014-3518
Mitre link : CVE-2014-3518
CVE.ORG link : CVE-2014-3518
JSON object : View
Products Affected
redhat
- jboss_enterprise_application_platform
- jboss_enterprise_brms_platform
- jboss_enterprise_portal_platform
- jboss_enterprise_soa_platform
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')