Improper input validation in Redhat Jboss_enterprise_application_platform

CVE-2010-3708

The serialization implementation in JBoss Drools in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 before 4.3.0.CP09 and JBoss Enterprise SOA Platform 4.2 and 4.3 supports the embedding of class files, which all…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.024 (85.4th percentile) — read the EPSS interpretation.

Affected products

Redhat Jboss_enterprise_application_platform — versions 4.3.0
Redhat Jboss_enterprise_soa_platform — versions 4.3.0, 4.2.0
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

RHSA-2010:0940 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
RHSA-2010:0938 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM)
RHSA-2010:0937 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
RHSA-2010:0939 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
secalert@redhat.com (x_refsource_MISC)
1024813 (vdb-entry, x_refsource_SECTRACK)