CVE-2017-12149 is a critical vulnerability affecting the Red Hat JBoss Application Server as shipped with Red Hat Enterprise Application Platform 5.2. The vulnerability arises from the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker, which fails to restrict the classes for which it performs deserialization. This oversight allows an attacker to execute arbitrary code via crafted serialized data. With a CVSS score of 9.8, this vulnerability represents a significant risk to organizations.
Risk to organizations includes potential unauthorized access to sensitive data and disruption of service. Given the nature of the vulnerability, it can be exploited remotely without requiring user interaction, making it a high-priority issue for security teams. Organizations should prioritize patching immediately to mitigate the associated risks.
Currently, this vulnerability is known to be actively exploited, and there are public proof-of-concept (PoC) exploits available. In addition, it has been included in the Known Exploited Vulnerabilities (KEV) catalog, emphasizing its critical nature and the urgency for affected organizations to take immediate action.
Organizations using Red Hat JBoss Application Platform 5.2 or earlier versions must assess their exposure to CVE-2017-12149 and implement the necessary updates as soon as possible.
Vulnerability Details
The official description states that the vulnerability allows arbitrary code execution due to unrestricted deserialization in the JBoss Application Server. It is rated critical, with a CVSS score of 9.8 under CVSS version 3.1, and it impacts confidentiality, integrity, and availability, making it a significant threat to organizational security.
Technical Analysis
The root cause of CVE-2017-12149 is the failure to properly restrict classes during the deserialization process within the ReadOnlyAccessFilter. This vulnerability can be exploited over the network, requiring low attack complexity and no privileges or user interaction. The high impact on confidentiality, integrity, and availability indicates that successful exploitation could lead to severe consequences for affected organizations.
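As an added illustration (not JBoss or Red Hat code), the Java below places the unrestricted pattern described above beside a look-ahead ObjectInputStream that consults an allowlist in resolveClass() before any class from the stream is loaded. The payload is a constructed, harmless HashMap; the allowlisted name org.example.InvocationRequest is a hypothetical placeholder for whatever request type an endpoint legitimately expects.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InvalidClassException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamClass;
import java.util.Set;

// Added example, not JBoss code: unrestricted deserialization beside an
// allowlisting ObjectInputStream that rejects unexpected classes up front.
public class InvokerDeserializationDemo {

    // The vulnerable shape: whatever class the stream names is resolved and
    // instantiated, so the sender of the bytes decides which readObject()/
    // readResolve() logic runs on the server.
    static Object readUnrestricted(InputStream body) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(body)) {
            return ois.readObject();
        }
    }

    // Hardened shape: resolveClass() is called for every class descriptor
    // before the class is loaded, so a name that is not on the allowlist is
    // rejected before any of its deserialization hooks can execute.
    static final class AllowlistObjectInputStream extends ObjectInputStream {
        private final Set<String> allowed;

        AllowlistObjectInputStream(InputStream in, Set<String> allowed) throws IOException {
            super(in);
            this.allowed = allowed;
        }

        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException {
            if (!allowed.contains(desc.getName())) {
                throw new InvalidClassException(desc.getName(), "class not on deserialization allowlist");
            }
            return super.resolveClass(desc);
        }
    }

    static Object readAllowlisted(InputStream body, Set<String> allowed) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new AllowlistObjectInputStream(body, allowed)) {
            return ois.readObject();
        }
    }

    // Serialize a value so the demo runs offline on constructed input.
    static byte[] serialize(Object value) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(value);
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Constructed payload: an empty HashMap. The point is that the class
        // name inside the stream is chosen by whoever built it, not by the server.
        byte[] payload = serialize(new java.util.HashMap<String, String>());

        // Vulnerable path: accepts any class the stream names.
        Object o = readUnrestricted(new ByteArrayInputStream(payload));
        System.out.println("unrestricted: accepted " + o.getClass().getName());

        // Hardened path: only the request type this endpoint expects is allowed
        // (hypothetical class name; substitute the real invocation type).
        Set<String> allowed = Set.of("org.example.InvocationRequest");
        try {
            readAllowlisted(new ByteArrayInputStream(payload), allowed);
        } catch (InvalidClassException e) {
            System.out.println("allowlisted: rejected " + e.classname + " (" + e.getMessage() + ")");
        }
    }
}
```

On JDK 9 and later (and 8u121+, where JEP 290 was backported) the same effect is available without subclassing, via ObjectInputStream.setObjectInputFilter() or a process-wide ObjectInputFilter.Config.setSerialFilter(); the subclass form above is shown because it also works on the older JDKs that EAP 5 ran on. Either way, the allowlist must cover every class the legitimate invocation graph contains, including nested collection and wrapper types, or legitimate requests will be rejected.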
Risk & Impact Analysis
The risk to organizations includes potential unauthorized access to sensitive data, system compromise, and service disruption. The blast radius of this vulnerability extends to any environment utilizing the affected versions of Red Hat JBoss Application Server, making it critical for organizations to act promptly. Given its inclusion in the KEV catalog, organizations should address this vulnerability in their priority patch cycle.
Exploitation Status
| Signal | Status |
|---|---|
| Known Exploit | Yes |
| Public PoC | Yes |
| Actively Exploited | Yes |
| Ransomware Use | Yes |
Affected Versions
All versions of Red Hat JBoss Application Platform prior to the vendor patch are vulnerable. Specifically, versions 5.0.0 through 5.2.2 are affected. Organizations must ensure they are running patched versions to eliminate the risk associated with this vulnerability.
Mitigation & Remediation
Red Hat has provided updates to remediate CVE-2017-12149. Organizations should refer to the vendor's advisory for specific instructions on patching. Additionally, implementing security best practices, such as network segmentation and monitoring, can further mitigate risks. For comprehensive security assessments, organizations may consider engaging in penetration testing to evaluate their security posture.
Detection Guidance
Organizations should monitor logs for indicators of exploitation attempts, including unusual deserialization activities or unexpected application behavior. Behavioral anomalies, such as unauthorized access attempts, should also be flagged for further investigation.
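As an added example (not from this advisory or from Red Hat), the Java below turns the guidance above into a concrete check over access-log lines: it flags POST requests to the HTTP Invoker web application from addresses that are not known invoker clients. It assumes the invoker application is deployed under its default /invoker context (a property of JBoss's invoker.war, not stated on this page), that the access log is in combined format, and that the set of known client addresses is maintained elsewhere; the log lines and IP addresses are constructed for the demo.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example, not vendor code: flag HTTP Invoker POSTs from unexpected sources.
public class InvokerAccessLogScanner {

    // Combined log format: ip ident user [timestamp] "METHOD path proto" status bytes "referer" "user-agent"
    private static final Pattern LINE = Pattern.compile(
        "^(\\S+) \\S+ \\S+ \\[([^\\]]+)\\] \"(\\S+) (\\S+) [^\"]*\" (\\d{3}) (\\S+)(?: \"[^\"]*\" \"([^\"]*)\")?");

    // Assumption: invoker.war is deployed at its default context, so the
    // ReadOnlyAccessFilter sits in front of paths under /invoker/.
    private static final String INVOKER_PREFIX = "/invoker/";

    record Finding(String sourceIp, String timestamp, String path, int status, String userAgent) {}

    // Serialized invocations arrive as POST bodies, so a POST to the invoker
    // paths from an address that is not a known invoker client is the event
    // worth triaging; GETs and known clients are left alone.
    static List<Finding> scan(List<String> lines, Set<String> knownInvokerClients) {
        List<Finding> findings = new ArrayList<>();
        for (String line : lines) {
            Matcher m = LINE.matcher(line);
            if (!m.find()) continue;           // skip lines that are not in the expected format
            String ip = m.group(1);
            String method = m.group(3);
            String path = m.group(4);
            if (!"POST".equals(method) || !path.startsWith(INVOKER_PREFIX)) continue;
            if (knownInvokerClients.contains(ip)) continue;
            String ua = m.group(7) == null ? "-" : m.group(7);
            findings.add(new Finding(ip, m.group(2), path, Integer.parseInt(m.group(5)), ua));
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample lines; addresses are documentation ranges, not real hosts.
        List<String> sample = List.of(
            "10.0.0.5 - - [11/Sep/2017:09:14:01 +0000] \"GET /index.html HTTP/1.1\" 200 1043 \"-\" \"Mozilla/5.0\"",
            "10.0.0.9 - - [11/Sep/2017:09:14:07 +0000] \"POST /invoker/readonly HTTP/1.1\" 200 512 \"-\" \"Java/1.6.0_45\"",
            "203.0.113.77 - - [11/Sep/2017:09:15:30 +0000] \"POST /invoker/readonly HTTP/1.1\" 500 0 \"-\" \"python-requests/2.18\"",
            "198.51.100.4 - - [11/Sep/2017:09:15:31 +0000] \"GET /invoker/readonly HTTP/1.1\" 405 0 \"-\" \"curl/7.55\"",
            "this line is not an access-log entry"
        );
        // 10.0.0.9 is the one internal system expected to talk to the invoker.
        Set<String> knownClients = Set.of("10.0.0.9");

        for (Finding f : scan(sample, knownClients)) {
            System.out.println("ALERT invoker POST from " + f.sourceIp() + " at " + f.timestamp()
                + " path=" + f.path() + " status=" + f.status() + " ua=" + f.userAgent());
        }
        // Only the 203.0.113.77 POST is reported: the 10.0.0.9 POST is a known
        // client and the 198.51.100.4 request is a GET.
    }
}
```

A 500 on the invoker path is not proof of exploitation (a rejected or malformed request produces it too), which is why the finding carries the status and user agent for an analyst rather than deciding on its own. Where the web tier logs request bodies or a WAF sees them, the strongest confirmation is the Java serialization stream header (hex AC ED 00 05) at the start of a body sent to these paths; at minimum, correlate alerts with server log entries and with unexpected outbound connections from the JBoss host.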
AppSecure Threat Intelligence Insight
CVE-2017-12149 highlights the importance of secure coding practices and the potential dangers of deserialization vulnerabilities. Security teams should be vigilant about reviewing deserialization processes in their applications and implementing strict controls. As this vulnerability is actively exploited, it serves as a reminder to continuously assess security frameworks and incorporate lessons learned into security protocols. For further insights, organizations can reference our penetration testing methodology and consider engaging in vulnerability management programs to enhance their defense strategies.
For organizations utilizing cloud environments, our cloud penetration testing guide provides additional insights on securing applications in these settings.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
