CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.042 Low
Percentile: 92.1%

The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x
before 2.2.2 creates local executable JSP files containing logging trace
data produced during deserialization of certain crafted OpenJPA objects,
which makes it easier for remote attackers to execute arbitrary code by
creating a serialized object and leveraging improperly secured server
programs.
archives.neohapsis.com/archives/fulldisclosure/2013-06/0099.html
svn.apache.org/viewvc?view=revision&revision=1462076
svn.apache.org/viewvc?view=revision&revision=1462225
svn.apache.org/viewvc?view=revision&revision=1462268
svn.apache.org/viewvc?view=revision&revision=1462318
svn.apache.org/viewvc?view=revision&revision=1462328
svn.apache.org/viewvc?view=revision&revision=1462488
svn.apache.org/viewvc?view=revision&revision=1462512
svn.apache.org/viewvc?view=revision&revision=1462558
www-01.ibm.com/support/docview.wss?uid=swg1PM86780
www-01.ibm.com/support/docview.wss?uid=swg1PM86786
www-01.ibm.com/support/docview.wss?uid=swg1PM86788
www-01.ibm.com/support/docview.wss?uid=swg1PM86791
www-01.ibm.com/support/docview.wss?uid=swg21635999
xforce.iss.net/xforce/xfdb/82268
launchpad.net/bugs/cve/CVE-2013-1768
nvd.nist.gov/vuln/detail/CVE-2013-1768
security-tracker.debian.org/tracker/CVE-2013-1768
www.cve.org/CVERecord?id=CVE-2013-1768