Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute arbitrary Java methods via the (1) ServerInvokerServlet or (2) SchedulerService or (3) cause a denial of service (disk consumption) via the ContentManager.
References
Link | Resource |
---|---|
http://rhn.redhat.com/errata/RHSA-2015-0862.html | Vendor Advisory |
http://www.securitytracker.com/id/1032181 |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2015-04-24T14:00:00
Updated: 2015-04-29T19:57:01
Reserved: 2014-11-18T00:00:00
Link: CVE-2015-0297
JSON object: View
NVD Information
Status : Analyzed
Published: 2015-04-24T14:59:06.000
Modified: 2015-10-05T21:33:54.643
Link: CVE-2015-0297
JSON object: View
Redhat Information
No data.
CWE