NVD disclosure day

Published threat advisories for October 4, 2017

CVE-2017-12149

JBoss Application Server Remote Code Execution Vulnerability.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A vulnerability in JBoss Application Server allows attackers to execute arbitrary code by sending crafted serialized data. This poses a significant business risk, potentially leading to unauthorized system access and data compromise. Organizations should assess their exposure and apply necessary updates.

NVD published: October 4, 2017 • CISA KEV

CVE advisoryKnown Exploit

CVE-2017-12617

Apache Tomcat JSP Upload Vulnerability.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

This vulnerability in Apache Tomcat allows attackers to upload and execute malicious code via specially crafted requests. Organizations running affected versions with HTTP PUTs enabled face business risk from potential system compromise and data breaches.

NVD published: October 4, 2017 • CISA KEV