
openjpa: code execution

Package(s): openjpa
CVE #(s): CVE-2013-1768
Created: July 22, 2013
Updated: October 8, 2013
Description: From the CVE entry:

The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.

Alerts:
Mandriva MDVSA-2013:246 openjpa 2013-10-07
Mageia MGASA-2013-0292 openjpa 2013-10-05
Fedora FEDORA-2013-12967 openjpa 2013-07-22
Fedora FEDORA-2013-12960 openjpa 2013-07-22
Fedora FEDORA-2013-12948 openjpa 2013-07-22
