7.5

CVSS Score

Basic Information

CVE ID

CVE-2010-3708

GHSA ID

GHSA-qvq6-cw53-rmwg

EPSS Score

0.84419%

CWE

CWE-20

Published

5/17/2022

Updated

2/2/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2010-3708

CVE-2010-3708:
Drools Improper Input Validation vulnerability allows remote attackers to execute arbitrary code in JBoss EAP

The serialization implementation in JBoss Drools in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 before 4.3.0.CP09 and JBoss Enterprise SOA Platform 4.2 and 4.3 supports the embedding of class files, which allows remote attackers to execute arbitrary code via a crafted static initializer.

The maintainers of JBoss EAP patched the vulnerability by applying a fix from Drools 4.0.7.

(GitHub Advisory)

7.5

CVSS Score

Basic Information

CVE ID

CVE-2010-3708

GHSA ID

GHSA-qvq6-cw53-rmwg

EPSS Score

0.84419%

CWE

CWE-20

Published

5/17/2022

Updated

2/2/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.drools:drools-core	maven	< 4.0.7	4.0.7

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability centers on unsafe deserialization allowing class file embedding. Key functions would be in the marshalling layer where serialized data is processed. While exact patch details are unavailable, historical patterns show that:

Marshaller.readObject() is the primary deserialization entry point
readResolve() methods control object replacement during deserialization
The vulnerability description explicitly mentions class file embedding and static initializers, which would be triggered during class loading in these methods
The fix in Drools 4.0.7 likely added allow-list validation in these critical deserialization paths to prevent arbitrary class loading

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

T** s*ri*liz*tion impl*m*nt*tion in J*oss *rools in R** **t J*oss *nt*rpris* *ppli**tion Pl*t*orm (*k* J*oss **P or J***P) *.* ***or* *.*.*.*P** *n* J*oss *nt*rpris* SO* Pl*t*orm *.* *n* *.* supports t** *m****in* o* *l*ss *il*s, w*i** *llows r*mot*

Reasoning

T** vuln*r**ility **nt*rs on uns*** **s*ri*liz*tion *llowin* *l*ss *il* *m****in*. K*y *un*tions woul* ** in t** m*rs**llin* l*y*r w**r* s*ri*liz** **t* is pro**ss**. W*il* *x**t p*t** **t*ils *r* un*v*il**l*, *istori**l p*tt*rns s*ow t**t: *. M*rs*

7.5

Basic Information

Concerned about an active attack path?

CVE-2010-3708: Drools Improper Input Validation vulnerability allows remote attackers to execute arbitrary code in JBoss EAP

7.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2010-3708:
Drools Improper Input Validation vulnerability allows remote attackers to execute arbitrary code in JBoss EAP

Vulnerability Intelligence
Miggo AI