CVE-2013-1777
Severity CVSS v4.0:
Pending analysis
Type:
CWE-94
Code Injection
Publication date:
11/07/2013
Last modified:
11/04/2025
Description
The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not properly implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
Impact
Base Score 2.0
10.00
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:apache:geronimo:3.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:geronimo:3.0:beta1:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:geronimo:3.0:m1:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:websphere_application_server:3.0.0.3:-:community:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://archives.neohapsis.com/archives/bugtraq/2013-07/0008.html
- http://geronimo.apache.org/30x-security-report.html
- http://www-01.ibm.com/support/docview.wss?uid=swg21643282
- https://issues.apache.org/jira/browse/GERONIMO-6477
- http://archives.neohapsis.com/archives/bugtraq/2013-07/0008.html
- http://geronimo.apache.org/30x-security-report.html
- http://www-01.ibm.com/support/docview.wss?uid=swg21643282
- https://issues.apache.org/jira/browse/GERONIMO-6477