CVE-2016-4978

Опубликовано: 27 сент. 2016

Источник: nvd

CVSS3: 7.2

CVSS2: 6

EPSS Низкий

Описание

The getObject method of the javax.jms.ObjectMessage class in the (1) JMS Core client, (2) Artemis broker, and (3) Artemis REST component in Apache ActiveMQ Artemis before 1.4.0 might allow remote authenticated users with permission to send messages to the Artemis broker to deserialize arbitrary objects and execute arbitrary code by leveraging gadget classes being present on the Artemis classpath.

Ссылки

http://mail-archives.apache.org/mod_mbox/activemq-users/201609.mbox/%3CCAH6wpnqzeNtpykT7emtDU1-GV7AvjFP5-YroWcCC4UZyQEFvtA%40mail.gmail.com%3E
Mailing List
Vendor Advisory
http://www.securityfocus.com/bid/93142
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2017:1834
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1835
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1836
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1837
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3454
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3455
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3456
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3458
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1447
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1448
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1449
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1450
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1451
Third Party Advisory
https://lists.apache.org/thread.html/7260bd0955c12aac5bd892039d3356ba3aa0ff4caaf2aa4fd4fe84a2%40%3Cissues.activemq.apache.org%3E
https://lists.apache.org/thread.html/d4ffbc6a43a915324a394b2913ceb7d07bc352f2d08caa19df0aff02%40%3Cissues.activemq.apache.org%3E
https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E
https://lists.apache.org/thread.html/rc96ad63f148f784c84ea7f0a178c84a8985c6afccabbcd9847a82088%40%3Ccommits.activemq.apache.org%3E
https://www.blackhat.com/docs/us-16/materials/us-16-Kaiser-Pwning-Your-Java-Messaging-With-Deserialization-Vulnerabilities.pdf
Technical Description
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:activemq_artemis:*:*:*:*:*:*:*:*

Версия до 1.4.0 (исключая)

Конфигурация 2

Одновременно

Одно из

cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

Одно из

cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

EPSS

Процентиль: 77%

0.01084

Низкий

7.2 High

CVSS3

6 Medium

CVSS2

Дефекты

CWE-502

Связанные уязвимости

CVE-2016-4978

CVSS3: 6.6

redhat

больше 9 лет назад

GHSA-r9vv-xj4w-g8m8

CVSS3: 7.2

github

больше 3 лет назад

Apache ActiveMQ Artemis RCE Via Deserialization Gadget Chain

EPSS

Процентиль: 77%

0.01084

Низкий

7.2 High

CVSS3

6 Medium

CVSS2

Дефекты

CWE-502