Jboss Application Server HTTPServerILServlet.java remote code execution

Description
  • Red Hat Jboss Application Server could allow a remote attacker to execute arbitrary code on the system, caused by a deserialization flaw in the HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation. By using specially-crafted serialized data, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Remediation
  • Upgrade to the latest version of JBoss.
References