admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2017/12xxx/CVE-2017-12149.json
CVE Team 69b7243b92
"-Synchronized-Data."
2019-03-18 01:16:53 +00:00

83 lines
2.8 KiB
JSON
Raw Blame History

{
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2017-08-29T00:00:00",
"ID": "CVE-2017-12149",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "jbossas",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Red Hat, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization and thus allowing an attacker to execute arbitrary code via crafted serialized data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1486220",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1486220"
},
{
"name": "RHSA-2018:1608",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1608"
},
{
"name": "https://github.com/gottburgm/Exploits/tree/master/CVE-2017-12149",
"refsource": "MISC",
"url": "https://github.com/gottburgm/Exploits/tree/master/CVE-2017-12149"
},
{
"name": "100591",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100591"
},
{
"name": "RHSA-2018:1607",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1607"
}
]
}
}
Reference in New Issue View Git Blame Copy Permalink