What is CVE-2017-12149?

CVE-2017-12149 is a vulnerability in Red Hat, Inc. Jbossas, classified under Deserialization of Untrusted Data. Published 2017-10-04.

Is CVE-2017-12149 known to be exploited?

Yes. CVE-2017-12149 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2021-12-10), indicating it is being actively exploited. 141 public proof-of-concept repositories are indexed.

Deserialization in Red Hat, Inc. Jbossas

CVE-2017-12149

In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization…

Vulnerability class: Insecure Deserialization

EPSS: 0.943 (99.9th percentile) — read the EPSS interpretation.

Affected products

Red Hat, Inc. Jbossas — versions n/a

Weakness classification (CWE)

CWE-502 — Deserialization of Untrusted Data

CISA KEV (Known Exploited Vulnerabilities)

This CVE is on the CISA KEV catalog, added on 2021-12-10. CISA KEV inclusion means CISA has confirmed in-the-wild exploitation; US federal agencies are required to remediate within a published due date.

BOD 22-01 due date: 2022-06-10.

Required action: Apply updates per vendor instructions.

Known ransomware campaign use: yes.

Public proof-of-concept exploits

References

bugzilla.redhat.com/show_bug.cgi (x_refsource_CONFIRM)
RHSA-2018:1608 (x_refsource_REDHAT, vendor-advisory)
github.com/gottburgm/Exploits/tree/master/CVE-2017-12149 (x_refsource_MISC)
100591 (vdb-entry, x_refsource_BID)
RHSA-2018:1607 (x_refsource_REDHAT, vendor-advisory)

Frequently asked questions

What is CVE-2017-12149?: CVE-2017-12149 is a vulnerability in Red Hat, Inc. Jbossas, classified under Deserialization of Untrusted Data. Published 2017-10-04.
Is CVE-2017-12149 known to be exploited?: Yes. CVE-2017-12149 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2021-12-10), indicating it is being actively exploited. 141 public proof-of-concept repositories are indexed.