Red Hat Customer Portal

CVE-2013-1768

The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.

Details Source

Mitre

Public Date

2013-06-12 00:00:00

Impact

Important

Bugzilla

CVE-2013-1768 openjpa: Remote arbitrary code execution by creating a serialized object and leveraging improperly secured server programs

Bugzilla ID

984034

CVSS Status

verified

Base Score

7.50

Base Metrics

AV:N/AC:L/Au:N/C:P/I:P/A:P

Red Hat Security Errata

Platform                       Errata          Release Date
Fuse ESB Enterprise 7.1.0      RHSA-2013:1862  2013-12-19
Fuse Management Console 7.1.0  RHSA-2013:1862  2013-12-19
Red Hat JBoss Fuse 6.0         RHSA-2013:1185  2013-08-29
Fuse MQ Enterprise 7.1.0       RHSA-2013:1862  2013-12-19

CWE

CWE-502