Unrestricted API Access and Denial of Service Vulnerability in Red Hat JBoss Operations Network 3.3.1

Unrestricted API Access and Denial of Service Vulnerability in Red Hat JBoss Operations Network 3.3.1

CVE-2015-0297 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:C

Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute arbitrary Java methods via the (1) ServerInvokerServlet or (2) SchedulerService or (3) cause a denial of service (disk consumption) via the ContentManager.

Learn more about our Cis Benchmark Audit For Server Software.