Description
In JBoss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict the classes it deserializes, allowing an attacker to execute arbitrary code via crafted serialized data.
Remediation
References
Related Vulnerabilities
WebLogic CVE-2021-2403 Vulnerability (CVE-2021-2403)
WordPress Plugin Contact Form With Captcha Cross-Site Request Forgery (1.6.2)
WordPress Plugin Stock in & out Cross-Site Scripting (1.0.4)
MediaWiki Other Vulnerability (CVE-2013-2114)
Magento Improper Input Validation Vulnerability (CVE-2022-24086)