Vulnerability DatabaseCVE-2013-1768
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2013-1768
July 11, 2013
The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
Affected Packages
org.apache.openjpa:openjpa (JAVA):
Affected version(s) >=2.0.0 <2.2.2
Fix Suggestion:
Update to version 2.2.2
org.apache.openjpa:openjpa (JAVA):
Affected version(s) >=1.0.0 <1.2.3
Fix Suggestion:
Update to version 1.2.3
Related ResourcesĀ (25)
http://www-01.ibm.com/support/docview.wss?uid=swg1PM86788
http://www-01.ibm.com/support/docview.wss?uid=swg21644047
http://svn.apache.org/viewvc?view=revision&revision=1462328
https://seclists.org/fulldisclosure/2013/Jun/98
https://github.com/apache/openjpa/commit/87a4452be08b4f97274d0ccfac585ae85841e470
http://svn.apache.org/viewvc?view=revision&revision=1462558
http://www-01.ibm.com/support/docview.wss?uid=swg21635999
https://nvd.nist.gov/vuln/detail/CVE-2013-1768
http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0099.html
http://www.securityfocus.com/bid/60534
https://github.com/apache/openjpa
http://svn.apache.org/viewvc?view=revision&revision=1462488
https://github.com/apache/openjpa/commit/7f14c7df6b7c7ef42f0671138b9b5dd062fe99aa
http://svn.apache.org/viewvc?view=revision&revision=1462225
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
http://svn.apache.org/viewvc?view=revision&revision=1462318
https://github.com/apache/openjpa/commit/b8933dc24b84e7e7430ece56bd645d425dd89f24
http://svn.apache.org/viewvc?view=revision&revision=1462076
http://rhn.redhat.com/errata/RHSA-2013-1862.html
http://svn.apache.org/viewvc?view=revision&revision=1462268
https://exchange.xforce.ibmcloud.com/vulnerabilities/82268
http://svn.apache.org/viewvc?view=revision&revision=1462512
http://www-01.ibm.com/support/docview.wss?uid=swg1PM86780
http://www-01.ibm.com/support/docview.wss?uid=swg1PM86791
http://www-01.ibm.com/support/docview.wss?uid=swg1PM86786
Do you need more information?
Contact Us
CVSS v4
Base Score:
6.9
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
LOW
Vulnerable System Availability
LOW
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
7.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
LOW
CVSS v2
Base Score:
7.5
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
Weakness Type (CWE)
Deserialization of Untrusted Data
CWE-502
EPSS
Base Score:
10.05