Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusTenable9323.PRM
HistoryMay 24, 2016 - 12:00 a.m.

Apache TomEE 1.x < 1.7.4 / 7.x < 7.0.0-M3 Multiple RCE

2016-05-2400:00:00
Tenable
www.tenable.com
9
JSON

The remote web server is running Apache TomEE 1.x prior to 1.7.4 or 7.x prior to 7.0.0-M3 and is affected by two RCE vulnerabilities :

  • A flaw exists in ‘EjbObjectInputStream’ that is triggered during the deserialization of Java serialized input in the binary stream. This may allow a remote attacker to execute arbitrary code. (CVE-2015-8581)
  • A flaw in the EJBd protocol that is triggered during the deserialization of crafted Java Objects. This may allow a remote attacker to execute arbitrary code. Exploitation requires that EJBd is enabled on an instance (the default setting) (CVE-2016-0779)
Binary data 9323.prm
VendorProductVersionCPE
apachetomeecpe:/a:apache:tomee

Related

cve 2
osv 1
zdi 1
prion 1
openvas 1
impervablog 1
cve
cve
CVE-2015-8581
2015-12-16 21:59:00
CVE-2016-0779
2017-04-11 16:59:00
osv
osv
CVE-2016-0779
2017-04-11 16:59:00
zdi
zdi
(0Day) Apache TomEE Deserialization of Untrusted Data Remote Code Execution Vulnerability
2015-12-14 00:00:00
prion
prion
Code injection
2017-04-11 16:59:00
openvas
openvas
Apache TomEE Remote Code Execution Vulnerability
2017-06-28 00:00:00
impervablog
impervablog
Deserialization Attacks Surge Motivated by Illegal Crypto-mining
2018-01-24 17:45:08
JSON
Related for 9323.PRM
cve2osv1zdi1prion1openvas1impervablog1