CVE-2015-0297

Impact:
Critical
Public Date:
2015-04-14
CWE:
CWE-306
Bugzilla:
1198008: CVE-2015-0297 RHQ: ServerInvokerServlet remote code exec
It was discovered that the JBoss Operations Network server did not correctly restrict access to certain remote APIs. A remote, unauthenticated attacker could use this flaw to execute arbitrary Java methods via ServerInvokerServlet or SchedulerService, and possibly exhaust all available disk space via ContentManager.

Find out more about CVE-2015-0297 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v2 metrics

Base Score 7.5
Base Metrics AV:N/AC:L/Au:N/C:P/I:P/A:P
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat JBoss Operations Network 3.3 RHSA-2015:0862 2015-04-21

Acknowledgements

Red Hat would like to thank Alessandro Cavaliere for reporting this issue.

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact Red Hat Product Security.

Last Modified
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.