Description
HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which is enabled by default in Red Hat Jboss Application Server <= Jboss 4.X does not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized data.
Remediation
References
Related Vulnerabilities
Oracle JRE CVE-2013-5803 Vulnerability (CVE-2013-5803)
Ruby on Rails Improper Authentication Vulnerability (CVE-2012-3424)
WordPress Plugin WordPress Infinite Scroll-Ajax Load More Local File Inclusion (2.11.1)
Oracle JRE CVE-2024-21144 Vulnerability (CVE-2024-21144)
WordPress Plugin WordPress Button Plugin MaxButtons Cross-Site Scripting (6.18)