CVE-2016-3690

Published: Jun 8, 2017
Updated: Apr 13, 2023
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2016-3690" target="_blank" rel="noopener"> CVE-2016-3690
Severity: Critical
Exploit:

The PooledInvokerServlet in JBoss EAP 4.x and 5.x allows remote attackers to execute arbitrary code via a crafted serialized payload.

CVSS v3:

CVSS v2:

CWEs:

OWASP TOP 10:

Software	From	Fixed in
redhat / jboss_enterprise_application_platform	5.1.2	5.1.2.x
redhat / jboss_enterprise_application_platform	4.3.0	4.3.0.x
redhat / jboss_enterprise_application_platform	5.1.1	5.1.1.x
redhat / jboss_enterprise_application_platform	5.1.0	5.1.0.x
redhat / jboss_enterprise_application_platform	5.2.0	5.2.0.x
redhat / jboss_enterprise_application_platform	4.2.0	4.2.0.x
redhat / jboss_enterprise_application_platform	5.0.0	5.0.0.x