HIGH · 9.0

CVE-2015-0297

Vulnerability Description

Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute arbitrary Java methods via the (1) ServerInvokerServlet or (2) SchedulerService or (3) cause a denial of service (disk consumption) via the ContentManager.

CVSS Score

9.0

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:C

Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: COMPLETE

Affected Products

Vendor | Product | Versions
Redhat | Jboss Operations Network | 3.3.1

Related Weaknesses (CWE)

References

FAQ

What is CVE-2015-0297?

CVE-2015-0297 is a vulnerability with a CVSS score of 9.0 (HIGH). Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute arbitrary Java methods via the (1) ServerInvokerServlet or (2) Schedu...

How severe is CVE-2015-0297?

CVE-2015-0297 has been rated HIGH with a CVSS base score of 9.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-0297?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Jboss Operations Network.