3 matches found
Security Bulletin: WebSphere Application Server Community Edition 3.0.0.3 RMI classloader exposure
Abstract A problem in the RMI classloader may enable an attacker to send a serializated object via JMX that could compromise the system. Content Vulnerability Details A specially crafted serialized object sent via the JMX connector could compromise the system due to a misconfigured RMI classloade...
org.apache.geronimo.assemblies:geronimo-framework (>=3.0-beta-1 <=3.0.0), org.apache.geronimo.assemblies:geronimo-jetty8-javaee6 (=3.0-beta-1) +188 more potentially affected by CVE-2013-1777 via org.apache.geronimo.framework:geronimo-jmx-remoting (>=3.0-beta-1 <=3.0.0)
org.apache.geronimo.framework:geronimo-jmx-remoting MAVEN version =3.0-beta-1, =3.0-beta-1, =3.0-beta-1, =3.0-beta-1, =3.0-beta-1, =3.0-beta-1, =3.0-beta-1, =3.0-beta-1, =3.0-beta-1, =3.0-beta-1, =3.0-beta-1, =3.0-beta-1, =3.0-beta-1, =3.0.0 and more Source cves: CVE-2013-1777 Source advisory:...
CVE-2013-1777
The CVE-2013-1777 issue is concrete: Apache Geronimo 3.x (notably in WebSphere Application Server Community Edition 3.0.0.3) exposes an RMI classloader misconfiguration that allows remote attackers to execute arbitrary code by sending a crafted serialized object through JMX. The root cause is imp...