1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: JBoss Marshalled Object RCE 2

Web Attack: JBoss Marshalled Object RCE 2

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a remote code execution vulnerability in JBoss Application Server.

Additional Information

Red Hat JBoss Application Server is an open source Java application server.

Red Hat JBoss Application Server is prone to multiple remote code-execution vulnerabilities that occur when using Remote Method Invocation (RMI) for object marshalling. Specifically, these issues affect the 'org.jboss.invocation.MarshalledInvocation()' method of the 'EJBInvokerServlet' and 'JMXInvokerServlet' servlets. Attackers can exploit these issues to deploy arbitrary applications on the affected system.

Successfully exploiting these issues may allow an attacker to execute arbitrary code within the context of the affected application. Failed exploit attempts may result in a denial-of-service condition.

Affected

  • Red Hat JBoss Application Server 4.0.5
  • Apache Software Foundation Tomcat 5.5

Additional References

  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube