CVE-2013-1777

Опубликовано: 11 июл. 2013

Источник: nvd

CVSS2: 10

EPSS Низкий

Описание

The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not properly implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.

Ссылки

http://archives.neohapsis.com/archives/bugtraq/2013-07/0008.html
http://geronimo.apache.org/30x-security-report.html
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21643282
Patch
Vendor Advisory
https://issues.apache.org/jira/browse/GERONIMO-6477
http://archives.neohapsis.com/archives/bugtraq/2013-07/0008.html
http://geronimo.apache.org/30x-security-report.html
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21643282
Patch
Vendor Advisory
https://issues.apache.org/jira/browse/GERONIMO-6477

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apache:geronimo:3.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:geronimo:3.0:beta1:*:*:*:*:*:*

cpe:2.3:a:apache:geronimo:3.0:m1:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:3.0.0.3:-:community:*:*:*:*:*

EPSS

Процентиль: 89%

0.04819

Низкий

10 Critical

CVSS2

Дефекты

CWE-94

Связанные уязвимости

CVE-2013-1777

redhat

больше 12 лет назад

GHSA-v64w-96p6-fx7w

github

больше 3 лет назад

Apache Geronimo JMX Remoting functionality allows remote code execution in 3.x before v3.0.1