CVE-2013-1768

{"id": "CVE-2013-1768", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-07-11T22:55:00.833", "references": [{"url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0099.html", "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-1862.html", "source": "secalert@redhat.com"}, {"url": "http://svn.apache.org/viewvc?view=revision&revision=1462076", "source": "secalert@redhat.com"}, {"url": "http://svn.apache.org/viewvc?view=revision&revision=1462225", "source": "secalert@redhat.com"}, {"url": "http://svn.apache.org/viewvc?view=revision&revision=1462268", "source": "secalert@redhat.com"}, {"url": "http://svn.apache.org/viewvc?view=revision&revision=1462318", "source": "secalert@redhat.com"}, {"url": "http://svn.apache.org/viewvc?view=revision&revision=1462328", "source": "secalert@redhat.com"}, {"url": "http://svn.apache.org/viewvc?view=revision&revision=1462488", "source": "secalert@redhat.com"}, {"url": "http://svn.apache.org/viewvc?view=revision&revision=1462512", "source": "secalert@redhat.com"}, {"url": "http://svn.apache.org/viewvc?view=revision&revision=1462558", "source": "secalert@redhat.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM86780", "source": "secalert@redhat.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM86786", "source": "secalert@redhat.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM86788", "source": "secalert@redhat.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM86791", "source": "secalert@redhat.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21635999", "source": "secalert@redhat.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644047", "source": "secalert@redhat.com"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/60534", "source": "secalert@redhat.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82268", "source": "secalert@redhat.com"}, {"url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0099.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-1862.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://svn.apache.org/viewvc?view=revision&revision=1462076", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://svn.apache.org/viewvc?view=revision&revision=1462225", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://svn.apache.org/viewvc?view=revision&revision=1462268", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://svn.apache.org/viewvc?view=revision&revision=1462318", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://svn.apache.org/viewvc?view=revision&revision=1462328", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://svn.apache.org/viewvc?view=revision&revision=1462488", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://svn.apache.org/viewvc?view=revision&revision=1462512", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://svn.apache.org/viewvc?view=revision&revision=1462558", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM86780", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM86786", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM86788", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM86791", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21635999", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644047", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/60534", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82268", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs."}, {"lang": "es", "value": "La funcionalidad BrokerFactory en Apache OpenJPA v1.x antes de v1.2.3 y v2.x antes de v2.2.2 cera ficheros JSP ejecutables que contienen la traza de datos de logging producida durante la deserializaci\u00f3n de ciertos objetos OpenJPA manipulados, lo que hace m\u00e1s f\u00e1cil a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de la creaci\u00f3n de objetos serializados y aprovechando de forma indebida programas de servidores seguros"}], "lastModified": "2024-11-21T01:50:20.923", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:openjpa:1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D7D744D-57AB-4D28-875D-A5BE9468B58E"}, {"criteria": "cpe:2.3:a:apache:openjpa:1.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A70DD0A-8C8E-4856-898D-EDF06BCB7E6D"}, {"criteria": "cpe:2.3:a:apache:openjpa:1.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B2E987D-C203-4B93-94EC-77476C890440"}, {"criteria": "cpe:2.3:a:apache:openjpa:1.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C3684184-CB7D-4DF8-A0A7-AFC5E0FC8062"}, {"criteria": "cpe:2.3:a:apache:openjpa:1.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "670DDFEF-9DDA-43C5-B783-CE4C280BF212"}, {"criteria": "cpe:2.3:a:apache:openjpa:1.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A13D9A8C-FC4C-424A-90EE-265DBA71A4C1"}, {"criteria": "cpe:2.3:a:apache:openjpa:1.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98AAEB21-8553-462B-B295-7DBDF0E5BA23"}, {"criteria": "cpe:2.3:a:apache:openjpa:1.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1FFCD843-BA51-4676-B7EB-CACDE08DCC0A"}, {"criteria": "cpe:2.3:a:apache:openjpa:1.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15486580-4FDE-463E-B0F8-6C7527F0AFC9"}, {"criteria": "cpe:2.3:a:apache:openjpa:2.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A770DDA9-1425-4855-8BAE-8705767141EE"}, {"criteria": "cpe:2.3:a:apache:openjpa:2.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70C82637-99EE-454B-BA60-065011DDE300"}, {"criteria": "cpe:2.3:a:apache:openjpa:2.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32EAAC59-EBA2-4261-A0C9-9FA44368B450"}, {"criteria": "cpe:2.3:a:apache:openjpa:2.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7773FB4F-606B-486C-BBD4-DEDB50922EBF"}, {"criteria": "cpe:2.3:a:apache:openjpa:2.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0E6392F-8A10-4B0D-8303-02175F2FAE3C"}, {"criteria": "cpe:2.3:a:apache:openjpa:2.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF6CF7CE-4ECC-4AD5-B64B-35D01E54C2AF"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}