Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS12NjR3LTk2cDYtZng3d84AAep2
Apache Geronimo JMX Remoting functionality allows remote code execution in 3.x before v3.0.1
The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not properly implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
Permalink: https://github.com/advisories/GHSA-v64w-96p6-fx7w
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12NjR3LTk2cDYtZng3d84AAep2
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 2 years ago
Updated: 7 months ago
Identifiers: GHSA-v64w-96p6-fx7w, CVE-2013-1777
References:
- https://nvd.nist.gov/vuln/detail/CVE-2013-1777
- https://issues.apache.org/jira/browse/GERONIMO-6477
- http://archives.neohapsis.com/archives/bugtraq/2013-07/0008.html
- http://geronimo.apache.org/30x-security-report.html
- http://www-01.ibm.com/support/docview.wss?uid=swg21643282
- http://svn.apache.org/viewvc/geronimo/server/trunk
- http://svn.apache.org/viewvc?view=revision&revision=1458113
- https://github.com/apache/geronimo/commit/ee031c5e62b0d358250d06c2aa6722518579a6c5
- https://github.com/advisories/GHSA-v64w-96p6-fx7w
Blast Radius: 0.0
Affected Packages
maven:org.apache.geronimo.framework:geronimo-jmx-remoting
Dependent packages: 6
Dependent repositories: 1
Downloads:
Affected Version Ranges: >= 3.0-beta-1, < 3.0.1
Fixed in: 3.0.1
All affected versions: 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.1.7, 2.1.8, 2.2.1, 3.0.0
All unaffected versions: 3.0.1