Vulnerability Description
The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not properly implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Geronimo | 3.0 |
| Ibm | Websphere Application Server | 3.0.0.3 |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/bugtraq/2013-07/0008.html
- http://geronimo.apache.org/30x-security-report.htmlVendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21643282PatchVendor Advisory
- https://issues.apache.org/jira/browse/GERONIMO-6477
- http://archives.neohapsis.com/archives/bugtraq/2013-07/0008.html
- http://geronimo.apache.org/30x-security-report.htmlVendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21643282PatchVendor Advisory
- https://issues.apache.org/jira/browse/GERONIMO-6477
FAQ
What is CVE-2013-1777?
CVE-2013-1777 is a vulnerability with a CVSS score of 10.0 (HIGH). The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not properly implement the RMI ...
How severe is CVE-2013-1777?
CVE-2013-1777 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-1777?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Geronimo, Ibm Websphere Application Server.