PRIOn knowledge basePRION:CVE-2013-1768Deserialization of untrusted data
The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
References
archives.neohapsis.com/archives/fulldisclosure/2013-06/0099.html
rhn.redhat.com/errata/RHSA-2013-1862.html
svn.apache.org/viewvc?view=revision&revision=1462076
svn.apache.org/viewvc?view=revision&revision=1462225
svn.apache.org/viewvc?view=revision&revision=1462268
svn.apache.org/viewvc?view=revision&revision=1462318
svn.apache.org/viewvc?view=revision&revision=1462328
svn.apache.org/viewvc?view=revision&revision=1462488
svn.apache.org/viewvc?view=revision&revision=1462512
svn.apache.org/viewvc?view=revision&revision=1462558
www-01.ibm.com/support/docview.wss?uid=swg1PM86780
www-01.ibm.com/support/docview.wss?uid=swg1PM86786
www-01.ibm.com/support/docview.wss?uid=swg1PM86788
www-01.ibm.com/support/docview.wss?uid=swg1PM86791
www-01.ibm.com/support/docview.wss?uid=swg21635999
www-01.ibm.com/support/docview.wss?uid=swg21644047
www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
www.securityfocus.com/bid/60534
exchange.xforce.ibmcloud.com/vulnerabilities/82268
Related
