McAfee.Web.Reporter.EJBInvokerServlet.Object.Code.Execution
Description
This indicates an attack attempt against a code execution vulnerability in JBoss Enterprise Application platform.
The vulnerability is caused by misconfiguration error when handling an HTTP request containing marshaled Java objects. It allows a remote attacker to execute arbitrary code in the context of the vulnerable application, via a crafted HTTP request.
Affected Products
McAfee Web Reporter 5.2.1
Application with JBoss Enterprise Application Platform 5.2.0
Application with JBoss Enterprise Web Platform 5.2.0
Application with JBoss Enterprise BRMS Platform 5.3.0
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Currently we are unaware of any vendor supplied patch for this issue.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |