Does CVE-2013-4810 affect Red Hat JBoss products?
Issue
- Here is article that mentions about a vulnerability http://www.theregister.co.uk/2013/11/19/old_jboss_vuln_in_the_wild_needs_patching/ - is there a patch for this?
- A NESSUS scan reported the following:
70414 - Apache Tomcat / JBoss EJBInvokerServlet / JMXInvokerServlet Marshalled Object Remote
- Does CVE-2013-4810 affect Red Hat JBoss products?
- Does Red Hat JBoss EJBInvokerServlet is Accessible to Unauthenticated Remote Users which is reported as CVE-2012-0874 affect EAP 6?
- The is a question regarding a vulnerability, JBoss EJBInvokerServlet / JMXInvokerServlet Marshalled Object Remote Code Execution, The EBJInvokerServlet' and 'JMXInvokerServlet' servlets hosted on the web server can be used to deploy arbitrary web application archive (WAR) files to the remote host? Is there a patch or a fix for the same?
Environment
- Red Hat JBoss Enterprise Application Platform (EAP)
- 4.x
- 5.x
- 6.x
- Red Hat JBoss Portal
- 4.x
- 5.x
- 6.x
- Red Hat JBoss Enterprise SOA Platform (SOA-P)
- 4.x
- 5.x
- Red Hat JBoss Enterprise BRMS Platform (BRMS)
- 5.x
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.