CVE-2013-1768
Apache OpenJPA 1.x < 1.2.3 and 2.x < 2.2.2 - Remote Code Execution via BrokerFactory Deserialization
Title source: llmDescription
The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
References (19)
Core 19
Core References
Patch x_refsource_confirm
http://svn.apache.org/viewvc?view=revision&revision=1462225
Patch x_refsource_confirm
http://svn.apache.org/viewvc?view=revision&revision=1462488
Patch x_refsource_confirm
http://svn.apache.org/viewvc?view=revision&revision=1462328
Patch x_refsource_confirm
http://svn.apache.org/viewvc?view=revision&revision=1462558
Patch x_refsource_confirm
http://svn.apache.org/viewvc?view=revision&revision=1462512
Patch x_refsource_confirm
http://svn.apache.org/viewvc?view=revision&revision=1462076
Patch x_refsource_confirm
http://svn.apache.org/viewvc?view=revision&revision=1462318
Patch x_refsource_confirm
http://svn.apache.org/viewvc?view=revision&revision=1462268
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1862.html
Various Sources vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1PM86780
Third Party Advisory mailing-list
x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0099.html
Various Sources x_refsource_misc
http://www-01.ibm.com/support/docview.wss?uid=swg21635999
Various Sources x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21644047
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/82268
Vendor Advisory x_refsource_confirm
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
Various Sources vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1PM86786
Various Sources vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1PM86788
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/60534
Various Sources vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1PM86791
Scores
EPSS
0.0951
EPSS Percentile
94.9%
Details
CWE
CWE-264
Status
published
Products (16)
apache/openjpa
1.0.0
apache/openjpa
1.0.1
apache/openjpa
1.0.2
apache/openjpa
1.0.3
apache/openjpa
1.0.4
apache/openjpa
1.1.0
apache/openjpa
1.2.0
apache/openjpa
1.2.1
apache/openjpa
1.2.2
apache/openjpa
2.0.0
... and 6 more
Published
Jul 11, 2013
Tracked Since
Feb 18, 2026