CVE-2013-1777
Apache Geronimo 3.x < 3.0.1 - Remote Code Execution via JMX Remoting
The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not properly implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
References (4)
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21643282
Various Sources x_refsource_confirm
https://issues.apache.org/jira/browse/GERONIMO-6477
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2013-07/0008.html
Vendor Advisory x_refsource_confirm
http://geronimo.apache.org/30x-security-report.html
Scores
EPSS
0.0981
EPSS Percentile
95.0%
Details
CWE
CWE-94
Status
published
Products (3)
apache/geronimo
3.0 (3 CPE variants)
ibm/websphere_application_server
3.0.0.3
org.apache.geronimo.framework/geronimo-jmx-remoting
3.0-beta-1 - 3.0.1 (Maven)
Published
Jul 11, 2013
Tracked Since
Feb 18, 2026