
CVE-2010-3708: Drools Improper Input Validation vulnerability allows remote attackers to execute arbitrary code in JBoss EAP

CVSS Score: 7.5

Basic Information

EPSS Score: 0.84419%
Published: 5/17/2022
Updated: 2/2/2023
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Package Name: org.drools:drools-core
Ecosystem: maven
Vulnerable Versions: < 4.0.7
First Patched Version: 4.0.7

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability centers on unsafe deserialization allowing class file embedding. Key functions would be in the marshalling layer where serialized data is processed. While exact patch details are unavailable, historical patterns show that:

  1. Marshaller.readObject() is the primary deserialization entry point
  2. readResolve() methods control object replacement during deserialization
  3. The vulnerability description explicitly mentions class file embedding and static initializers, which would be triggered during class loading in these methods
  4. The fix in Drools 4.0.7 likely added allow-list validation in these critical deserialization paths to prevent arbitrary class loading
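An illustrative hardening pattern for the allow-list validation described in point 4, added here as an example and not Drools' own code: an ObjectInputStream subclass that vetoes class resolution before the class is loaded, so an unexpected class's static initializer never runs during readObject(). The class, field and allow-list names are constructed for the example.

```java
import java.io.*;
import java.util.Set;
public class AllowListDeserializer {
    // Constructed allow-list of binary class names permitted in the stream (hypothetical);
    // a real list enumerates exactly the fact and session types the application serializes.
    private static final Set<String> ALLOWED = Set.of("AllowListDeserializer$Fact");
    /** Sample serializable fact type, constructed for this example. */
    public static final class Fact implements Serializable {
        final String name;
        final int value;
        Fact(String name, int value) { this.name = name; this.value = value; }
    }

    /** ObjectInputStream that refuses to resolve any class descriptor not on the allow-list. */
    static final class ValidatingObjectInputStream extends ObjectInputStream {
        ValidatingObjectInputStream(InputStream in) throws IOException { super(in); }
        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc)
                throws IOException, ClassNotFoundException {
            // Rejecting here keeps an unexpected class away from Class.forName, so its
            // static initializer can never run as a side effect of readObject().
            if (!ALLOWED.contains(desc.getName())) {
                throw new InvalidClassException(desc.getName(), "not on deserialization allow-list");
            }
            return super.resolveClass(desc);
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) { oos.writeObject(o); }
        return bos.toByteArray();
    }

    static Object deserialize(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ValidatingObjectInputStream(new ByteArrayInputStream(bytes))) {
            return in.readObject();
        }
    }
    public static void main(String[] args) throws Exception {
        Fact ok = (Fact) deserialize(serialize(new Fact("temperature", 42)));
        System.out.println("accepted: " + ok.name + "=" + ok.value);
        try {
            deserialize(serialize(new java.util.ArrayList<>())); // not on the list: rejected
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

On Java 9 and later the same policy can be expressed with a built-in ObjectInputFilter instead of subclassing the stream.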
