CVE-2016-4974

HIGH

Apache Amqp 0-x Jms Client < 6.0.3 - Improper Input Validation

Title source: rule

Description

Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS (AMQP 1.0) before 0.10.0 does not restrict the use of classes available on the classpath, which might allow remote authenticated users with permission to send messages to deserialize arbitrary objects and execute arbitrary code by leveraging a crafted serialized object in a JMS ObjectMessage that is handled by the getObject function.

Exploits (2)

nomisec WRITEUP

by dawetmaster · poc

https://github.com/dawetmaster/CVE-2016-4974-qpid-broker-j-vulnerable

View Code ZIP pw:eip

nomisec WRITEUP

by andikahilmy · poc

https://github.com/andikahilmy/CVE-2016-4974-qpid-broker-j-vulnerable

View Code ZIP pw:eip

References (7)

[Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/137749/Apache-Qpid-Untrusted-Input-Deserialization.html

[Vendor Advisory] http://qpid.apache.org/components/jms/security-0-x.html

[Vendor Advisory] http://qpid.apache.org/components/jms/security.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/538813/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/91537

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1036239

[Issue Tracking] https://issues.apache.org/jira/browse/QPIDJMS-188

Scores

CVSS v3 7.5

EPSS 0.0213

EPSS Percentile 84.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-20

Status published

Products (3)

apache/amqp_0-x_jms_client < 6.0.3

apache/jms_client_amqp < 0.9.0

org.apache.qpid/qpid-jms-client 0 - 0.10.0Maven

Published Jul 13, 2016

Tracked Since Feb 18, 2026