CyberSec.Space Logo
Back to CVE Browser

CVE-2016-0779

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1690%
EPSS Percentile0.09th
PublishedApr 11, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

The EjbObjectInputStream class in Apache TomEE before 1.7.4 and 7.x before 7.0.0-M3 allows remote attackers to execute arbitrary code via a crafted serialized object.

Affected Platforms (CPE)

πŸ“¦
Apache

Tomee

<= 1.7.3
πŸ“¦
Apache

Tomee

= 7.0.0

References & Advisories

πŸ”— http://packetstormsecurity.com/files/136256/Apache-TomEE-Patched.html
πŸ”— http://tomee-openejb.979440.n4.nabble.com/Document-resolved-vulnerability-CVE-2015-8581-td4678073.html
πŸ”— http://tomee.apache.org/security/tomee.html
πŸ”— http://www.securityfocus.com/archive/1/537806/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/79204
πŸ”— http://www.zerodayinitiative.com/advisories/ZDI-15-638
πŸ”— http://packetstormsecurity.com/files/136256/Apache-TomEE-Patched.html
πŸ”— http://tomee-openejb.979440.n4.nabble.com/Document-resolved-vulnerability-CVE-2015-8581-td4678073.html

Related Vulnerabilities

CVE-2020-119699.8

If Apache TomEE is configured to use the embedded ActiveMQ broker, and the broker URI includes the useJMX=true parameter, a JMX po...

CVE-2020-139319.8

If Apache TomEE 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0.0 - 1.7.5 is configured to use the embedded ActiveMQ broker...

CVE-2018-80316.1

The Apache TomEE console (tomee-webapp) has a XSS vulnerability which could allow javascript to be executed if the user is given a...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...