15 matches found
Deserialization of Untrusted Data in Apache OpenJPA
The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by...
Mageia: Security Advisory (MGASA-2013-0292)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
HITB16 issues resolution: Java applications ORM injection the development of new methods-vulnerability warning-the black bar safety net
! “Hack In The Box”conference is in Europe in Amsterdam, organized by the global well-known Security Summit. This year's conference very interesting, one by a security researcher Mikhail Egorov and Sergey Soldatov presented the topic“Java application ORM injection the development of new...
Apache OpenJPA code execution
User-controlled data it stored in local executable file...
[ MDVSA-2013:246 ] openjpa
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:246 http://www.mandriva.com/en/support/security/ Package : openjpa Date : October 7, 2013 Affected: Business Server 1.0 Problem Description: Updated openjpa packages fix security vulnerability: The...
Mandriva Linux Security Advisory : openjpa (MDVSA-2013:246)
Updated openjpa packages fix security vulnerability : The BrokerFactory functionality in Apache OpenJPA before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to...
MGASA-2013-0292 Updated openjpa packages fix CVE-2013-1768
Updated openjpa packages fix security vulnerability: The BrokerFactory functionality in Apache OpenJPA before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to...
Updated openjpa packages fix CVE-2013-1768
Updated openjpa packages fix security vulnerability: The BrokerFactory functionality in Apache OpenJPA before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to...
CVE-2013-1768
The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by...
CVE-2013-1768
The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by...
Deserialization of untrusted data
The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by...
CVE-2013-1768
The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by...
CVE-2013-1768
The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by...
CVE-2013-1768
The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by...
CVE-2013-1768
CVE-2013-1768 involves deserialization of a malicious OpenJPA object; IBM bulletins note the embedded OpenJPA code is present in WebSphere Application Server but is not exploitable by WAS itself. Affected WAS versions ship the vulnerable OpenJPA code (not exploitable) and IBM provides fixes via A...