3 Replies Latest reply on Dec 10, 2015 9:10 AM by wdfink

    Red Hat JBoss EAP/Web Server Java UnSerialize Common-Collections Remote Code Execution Vulnerability

    aharan

      Hi,

       

      We have got "Red Hat JBoss EAP/Web Server Java UnSerialize Common-Collections Remote Code Execution Vulnerability" on JBoss 5.1.

       

      solution suggested to "remove the vulnerable class files (InvokerTransformer, InstantiateFactory, and InstantiateTransfromer) in all commons-collections jar files."

       

      Can any one help me how to remove class files in Jboss or any alternate way to fix this vulnerability.

       

      OS: windows 2008 R2 SP1.

       

      Thanks,

      Haranadh.