exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 5

CVE-2016-4974

больше 9 лет назад

Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS (AMQP 1.0) before 0.10.0 does not restrict the use of classes available on the classpath, which might allow remote authenticated users with permission to send messages to deserialize arbitrary objects and execute arbitrary code by leveraging a crafted serialized object in a JMS ObjectMessage that is handled by the getObject function.

CVSS3: 7.5

EPSS: Низкий

CVE-2016-4974

больше 9 лет назад

Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS (AMQP 1.0) before 0.10.0 does not restrict the use of classes available on the classpath, which might allow remote authenticated users with permission to send messages to deserialize arbitrary objects and execute arbitrary code by leveraging a crafted serialized object in a JMS ObjectMessage that is handled by the getObject function.

CVSS3: 5.6

EPSS: Низкий

CVE-2016-4974

больше 9 лет назад

Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS (AMQP 1.0) before 0.10.0 does not restrict the use of classes available on the classpath, which might allow remote authenticated users with permission to send messages to deserialize arbitrary objects and execute arbitrary code by leveraging a crafted serialized object in a JMS ObjectMessage that is handled by the getObject function.

CVSS3: 7.5

EPSS: Низкий

CVE-2016-4974

больше 9 лет назад

Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS (AMQP 1.0) before ...

CVSS3: 7.5

EPSS: Низкий

GHSA-f38p-mq64-h784

больше 3 лет назад

Improper Input Validation in Apache Qpid AMQP 0-x JMS

CVSS3: 7.5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2016-4974 Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS (AMQP 1.0) before 0.10.0 does not restrict the use of classes available on the classpath, which might allow remote authenticated users with permission to send messages to deserialize arbitrary objects and execute arbitrary code by leveraging a crafted serialized object in a JMS ObjectMessage that is handled by the getObject function.	CVSS3: 7.5	2% Низкий	больше 9 лет назад
CVE-2016-4974 Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS (AMQP 1.0) before 0.10.0 does not restrict the use of classes available on the classpath, which might allow remote authenticated users with permission to send messages to deserialize arbitrary objects and execute arbitrary code by leveraging a crafted serialized object in a JMS ObjectMessage that is handled by the getObject function.	CVSS3: 5.6	2% Низкий	больше 9 лет назад
CVE-2016-4974 Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS (AMQP 1.0) before 0.10.0 does not restrict the use of classes available on the classpath, which might allow remote authenticated users with permission to send messages to deserialize arbitrary objects and execute arbitrary code by leveraging a crafted serialized object in a JMS ObjectMessage that is handled by the getObject function.	CVSS3: 7.5	2% Низкий	больше 9 лет назад
CVE-2016-4974 Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS (AMQP 1.0) before ...	CVSS3: 7.5	2% Низкий	больше 9 лет назад
GHSA-f38p-mq64-h784 Improper Input Validation in Apache Qpid AMQP 0-x JMS	CVSS3: 7.5	2% Низкий	больше 3 лет назад

Уязвимостей на страницу