CVE-2016-6330

Published on: 09/27/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:12 PM UTC

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Certain versions of JBoss Operations Network from Red Hat contain the following vulnerability:

The server in Red Hat JBoss Operations Network (JON), when SSL authentication is not configured for JON server / agent communication, allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-3737.

  • CVE-2016-6330 has been assigned by [email protected] to track the vulnerability - currently rated as CRITICAL severity.

CVSS3 Score: 9.8 - CRITICAL

  Attack Vector:           NETWORK
  Attack Complexity:       LOW
  Privileges Required:     NONE
  User Interaction:        NONE
  Scope:                   UNCHANGED
  Confidentiality Impact:  HIGH
  Integrity Impact:        HIGH
  Availability Impact:     HIGH

CVSS2 Score: 9 - HIGH

  Access Vector:           NETWORK
  Access Complexity:       LOW
  Authentication:          NONE
  Confidentiality Impact:  PARTIAL
  Integrity Impact:        PARTIAL
  Availability Impact:     COMPLETE

CVE References

  • [R2] Red Hat JBoss Operations Network /jboss-remoting-servlet-invoker/ServerInvokerServlet Jython Deserialization Remote Code Execution - Research Advisory | Tenable® (MISC) - www.tenable.com/security/research/tra-2016-22
  • Bug 1368864 – CVE-2016-6330 JON: incomplete fix for CVE-2016-3737 (Issue Tracking, Mitigation, Vendor Advisory; CONFIRM) - bugzilla.redhat.com/show_bug.cgi?id=1368864
  • Red Hat JBoss Operations Network CVE-2016-6330 Incomplete Fix Remote Code Execution Vulnerability (Third Party Advisory; BID 92568) - cve.report (archive)

Known Affected Configurations (CPE V2.3)

  Type         Vendor   Product                   Version  Update  Edition  Language
  Application  Red Hat  JBoss Operations Network  3.0      All     All      All
  Application  Red Hat  JBoss Operations Network  3.0.1    All     All      All
  Application  Red Hat  JBoss Operations Network  3.1      All     All      All
  Application  Red Hat  JBoss Operations Network  3.1.1    All     All      All
  Application  Red Hat  JBoss Operations Network  3.1.2    All     All      All
  Application  Red Hat  JBoss Operations Network  3.1.4    All     All      All
  Application  Red Hat  JBoss Operations Network  3.2.0    All     All      All
  Application  Red Hat  JBoss Operations Network  3.2.1    All     All      All
  Application  Red Hat  JBoss Operations Network  3.2.2    All     All      All
  Application  Red Hat  JBoss Operations Network  3.2.3    All     All      All
  Application  Red Hat  JBoss Operations Network  3.3.1    All     All      All
  Application  Red Hat  JBoss Operations Network  3.3.2    All     All      All
  Application  Red Hat  JBoss Operations Network  3.3.3    All     All      All
  Application  Red Hat  JBoss Operations Network  3.3.4    All     All      All
  Application  Red Hat  JBoss Operations Network  3.3.5    All     All      All
  Application  Red Hat  JBoss Operations Network  3.3.6    All     All      All
  • cpe:2.3:a:redhat:jboss_operations_network:3.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:redhat:jboss_operations_network:3.0.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:redhat:jboss_operations_network:3.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:redhat:jboss_operations_network:3.1.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:redhat:jboss_operations_network:3.1.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:redhat:jboss_operations_network:3.1.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:redhat:jboss_operations_network:3.2.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:redhat:jboss_operations_network:3.2.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:redhat:jboss_operations_network:3.2.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:redhat:jboss_operations_network:3.2.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:redhat:jboss_operations_network:3.3.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:redhat:jboss_operations_network:3.3.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:redhat:jboss_operations_network:3.3.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:redhat:jboss_operations_network:3.3.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:redhat:jboss_operations_network:3.3.5:*:*:*:*:*:*:*:
  • cpe:2.3:a:redhat:jboss_operations_network:3.3.6:*:*:*:*:*:*:*: