CVE - CVE-2013-1768

CVE-ID
CVE-2013-1768	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
AIXAPAR:PM86780 URL:http://www-01.ibm.com/support/docview.wss?uid=swg1PM86780 AIXAPAR:PM86786 URL:http://www-01.ibm.com/support/docview.wss?uid=swg1PM86786 AIXAPAR:PM86788 URL:http://www-01.ibm.com/support/docview.wss?uid=swg1PM86788 AIXAPAR:PM86791 URL:http://www-01.ibm.com/support/docview.wss?uid=swg1PM86791 BID:60534 URL:http://www.securityfocus.com/bid/60534 CONFIRM:http://svn.apache.org/viewvc?view=revision&revision=1462076 CONFIRM:http://svn.apache.org/viewvc?view=revision&revision=1462225 CONFIRM:http://svn.apache.org/viewvc?view=revision&revision=1462268 CONFIRM:http://svn.apache.org/viewvc?view=revision&revision=1462318 CONFIRM:http://svn.apache.org/viewvc?view=revision&revision=1462328 CONFIRM:http://svn.apache.org/viewvc?view=revision&revision=1462488 CONFIRM:http://svn.apache.org/viewvc?view=revision&revision=1462512 CONFIRM:http://svn.apache.org/viewvc?view=revision&revision=1462558 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21644047 CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html FULLDISC:20130612 [CVE-2013-1768] Apache OpenJPA security vulnerability URL:http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0099.html MISC:http://www-01.ibm.com/support/docview.wss?uid=swg21635999 REDHAT:RHSA-2013:1862 URL:http://rhn.redhat.com/errata/RHSA-2013-1862.html XF:openjpa-cve20131768-command-execution(82268) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/82268
Assigning CNA
Red Hat, Inc.
Date Record Created
20130219	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20130219)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)