CyberSec.Space Logo
Back to CVE Browser

CVE-2013-1777

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1650%
EPSS Percentile37.29th
PublishedJul 11, 2013
Last ModifiedApr 29, 2026

Vulnerability Description

The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not properly implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.

Affected Platforms (CPE)

πŸ“¦
Apache

Geronimo

= 3.0
πŸ“¦
Apache

Geronimo

= 3.0
πŸ“¦
Apache

Geronimo

= 3.0
πŸ“¦
Ibm

Websphere Application Server

= 3.0.0.3

References & Advisories

πŸ”— http://archives.neohapsis.com/archives/bugtraq/2013-07/0008.html
πŸ”— http://geronimo.apache.org/30x-security-report.html
πŸ”— http://www-01.ibm.com/support/docview.wss?uid=swg21643282
πŸ”— https://issues.apache.org/jira/browse/GERONIMO-6477
πŸ”— http://archives.neohapsis.com/archives/bugtraq/2013-07/0008.html
πŸ”— http://geronimo.apache.org/30x-security-report.html
πŸ”— http://www-01.ibm.com/support/docview.wss?uid=swg21643282
πŸ”— https://issues.apache.org/jira/browse/GERONIMO-6477

Related Vulnerabilities

CVE-2007-454810.0

The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, whic...

CVE-2010-20769.8

Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Ch...

CVE-2008-55189.4

Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2...

CVE-2011-50347.8

Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisi...