Security for everyone

CVE-2017-12149 Scanner

Detects the 'Code Injection' vulnerability in Red Hat jbossas. Affected version: Unknown.


Short Info


Level: Critical

Type: Single Scan

Can be used by: Asset Owner

Estimated Time: 15 sec

Scan only one: Domain, IPv4

Parent Category

CVE-2017-12149 Scanner Detail

Red Hat jbossas is an open-source Java EE-based application server used by businesses to host and deploy applications. It provides a platform for developers to build and deploy web applications and provides a robust runtime environment. Jbossas is widely used in medium to large-scale enterprises, particularly in the financial, health, government, and telecommunications sectors.

One vulnerability detected in jbossas is CVE-2017-12149, a deserialization vulnerability that allows attackers to execute arbitrary code through crafted serialized data. The vulnerability resides in the doFilter method of the ReadOnlyAccessFilter of the HTTP Invoker, which does not restrict the classes for which it performs deserialization. It is a result of insecure deserialization practices: attackers can manipulate serialized data and have malicious code executed on the target system.

When exploited, CVE-2017-12149 can have severe consequences for the targeted system. Attackers can use it to gain complete control over the system, steal sensitive data, or cause system crashes. This vulnerability can lead to significant business losses, reputational damage, and legal consequences.

The securityforeveryone.com platform provides pro features that enable businesses to conduct efficient and effective vulnerability assessments. With a vast database of potential vulnerabilities, businesses can easily and quickly learn about vulnerabilities that could affect their digital assets. The platform enables businesses to stay ahead of security threats and to protect their systems from cyber-attacks.

 
