This issue can be exploited to gain remote code execution on the system. It has been reported that the following RedHat packages are affected:
RedHat JBoss Enterprise Application Platform (JBoss EAP) 5.0 - all versions
RedHat JBoss Enterprise Application Platform (JBoss EAP) 6

CVSS Scores for CVE-2022-35044


| | Vuln ID | Current CVSS Score | Exploitability Metric Base Score | Exploitability Index |
|---|---|---|---|---|
| ChakraCore 7.0 | CVE-2022-35044 | 4.3 | 4.3 | -1 |
| .NET Core 2.1 | CVE-2022-35044 | 4.2 | 4.2 | -1 |
| Java SE Embedded 8u144 | CVE-2022-35044 | 3.4 | 3.4 | -1 |

Vulnerability Description

This issue can be exploited by sending a specially crafted request to the endpoint. The endpoint should return a response containing a payload of {"type":"text/html"} and then execute code in the context of the web server.

Red Hat JBoss Enterprise Application Platform (JBoss EAP) 6

This issue can be exploited to gain remote code execution on the system. It has been reported that the following RedHat packages are affected:
RedHat JBoss Enterprise Application Platform (JBoss EAP) 6

Vulnerability details

The vulnerability is exploitable via a crafted web application. The flaw exists within the application when handling the HTTP request to create a new database. An attacker can leverage this vulnerability using a crafted HTTP request to cause the application to create a database.

Timeline

Published on: 10/14/2022 12:15:00 UTC
Last modified on: 10/15/2022 02:10:00 UTC