Description
In JBoss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict the classes for which it performs deserialization, allowing an attacker to execute arbitrary code via crafted serialized data.