返回 CVE 瀏覽器

CVE-2013-1777

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1650%

EPSS Percentile37.29th

Published2013年7月11日

Last Modified2026年4月29日

Vulnerability Description

The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not properly implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.

Affected Platforms (CPE)

📦

Apache

Geronimo

= 3.0

📦

Apache

Geronimo

= 3.0

📦

Apache

Geronimo

= 3.0

📦

Ibm

Websphere Application Server

= 3.0.0.3

References & Advisories

🔗 http://archives.neohapsis.com/archives/bugtraq/2013-07/0008.html

🔗 http://geronimo.apache.org/30x-security-report.html

🔗 http://www-01.ibm.com/support/docview.wss?uid=swg21643282

🔗 https://issues.apache.org/jira/browse/GERONIMO-6477

🔗 http://archives.neohapsis.com/archives/bugtraq/2013-07/0008.html

🔗 http://geronimo.apache.org/30x-security-report.html

🔗 http://www-01.ibm.com/support/docview.wss?uid=swg21643282

🔗 https://issues.apache.org/jira/browse/GERONIMO-6477

相關漏洞威脅

CVE-2007-454810.0

The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, whic...

CVE-2010-20769.8

Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Ch...

CVE-2008-55189.4

Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2...

CVE-2011-50347.8

Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisi...