-
1. Re: Red Hat JBoss EAP/Web Server Java UnSerialize Common-Collections Remote Code Execution Vulnerability
wdfink Dec 7, 2015 5:21 PM (in response to aharan)
Do you have a subscription and use an EAP version? In that case you should open a support case via the Red Hat portal or check the downloads for your version.
A security patch should be provided there.
-
2. Re: Red Hat JBoss EAP/Web Server Java UnSerialize Common-Collections Remote Code Execution Vulnerability
aharan Dec 8, 2015 4:20 AM (in response to wdfink)
I don't have a subscription.
-
3. Re: Red Hat JBoss EAP/Web Server Java UnSerialize Common-Collections Remote Code Execution Vulnerability
wdfink Dec 10, 2015 9:10 AM (in response to aharan)
Unfortunately you won't get a fix for this, even if you use EAP bits.
So maybe you can have a look at "Apache Commons statement to widespread Java object de-serialisation vulnerability : The Apache Software Foundation Blog" for hints and a solution. But I'm not sure whether that works with such an old JBoss version.