Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
APP:REDHAT-JBOSS-DG-HOTROD-ID |
|---|---|
Severity |
Major |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
APP |
Keywords |
Red Hat JBoss Data Grid Hotrod Client Insecure Deserialization |
Release Date |
2018/03/12 |
Update Number |
3045 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
APP: Red Hat JBoss Data Grid Hotrod Client Insecure Deserialization
This signature detects attempts to exploit a known vulnerability in the Hotrod client that ships with Red Hat JBoss Data Grid. Successful exploitation can result in arbitrary code execution in the security context of the vulnerable client.
Extended Description
It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks.
Affected Products
- Infinispan infinispan 9.1.6
- Infinispan infinispan 9.2.0
References
- CVE: CVE-2017-15089