Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2013-1768

Опубликовано: 11 июл. 2013
Источник: nvd
CVSS2: 7.5
EPSS Средний

Описание

The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apache:openjpa:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:openjpa:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:openjpa:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:openjpa:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:openjpa:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:openjpa:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:openjpa:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:openjpa:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:openjpa:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:openjpa:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:openjpa:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:openjpa:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:openjpa:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:openjpa:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:openjpa:2.2.1:*:*:*:*:*:*:*

EPSS

Процентиль: 93%
0.10569
Средний

7.5 High

CVSS2

Дефекты

CWE-264

Связанные уязвимости

ubuntu логотип

CVE-2013-1768

ubuntu
больше 12 лет назад

The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.

redhat логотип

CVE-2013-1768

redhat
больше 12 лет назад

The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.

debian логотип

CVE-2013-1768

debian
больше 12 лет назад

The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and ...

github логотип

GHSA-j65f-mvgw-prp2

github
больше 3 лет назад

Deserialization of Untrusted Data in Apache OpenJPA

EPSS

Процентиль: 93%
0.10569
Средний

7.5 High

CVSS2

Дефекты

CWE-264