Red Hat JBoss Enterprise Application Platform Remoting Unified Invoker command execution
Added: 07/18/2022

Background

Red Hat JBoss Enterprise Application Platform is an open source platform for highly transactional, web-scale Java applications.

Problem
A remote, unauthenticated attacker can execute arbitrary commands on the server by sending a specially crafted serialized object to the Remoting Unified Invoker interface.

Resolution

Restrict access to the Remoting Unified Invoker interface.

References
https://jspin.re/jboss-eap-as-6-rce-a-little-bit-beyond-xac-xed/