Arbitrary Code Execution Vulnerability in Red Hat JBoss Operations Network (JON)

Arbitrary Code Execution Vulnerability in Red Hat JBoss Operations Network (JON)

CVE-2016-6330 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:C

The server in Red Hat JBoss Operations Network (JON), when SSL authentication is not configured for JON server / agent communication, allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-3737.

Learn more about our Cis Benchmark Audit For Server Software.