Red Hat JBoss Enterprise Application Platform and JBoss Enterprise SOA Platform contain a flaw related to the serialization implementation in JBoss Drools, which supports the embedding of class files. The issue is triggered when a remote attacker uses a crafted static initializer. This may allow the attacker to execute arbitrary code.
Currently, there are no known workarounds or upgrades to correct this issue. However, Red Hat has released a patch to address this vulnerability. Check the vendor advisory or solution in the references section.