Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability

Bugtraq ID: 60534
Class: Unknown
CVE: CVE-2013-1768
Remote: Yes
Local: No
Published: Jun 12 2013 12:00AM
Updated: Apr 13 2015 10:12PM
Credit: The vendor reported this issue.
Vulnerable: Redhat JBoss Fuse 6.0
Redhat Fuse MQ Enterprise 7.1.0
Redhat Fuse ESB Enterprise 7.1.0
Mandriva Business Server 1 X86 64
Mandriva Business Server 1
Apache OpenJPA 2.2.1
Apache OpenJPA 2.2
Apache OpenJPA 2.1.1
Apache OpenJPA 2.1
Apache OpenJPA 2.0.1
Apache OpenJPA 2.0
Apache OpenJPA 1.3
Apache OpenJPA 1.2.2
Apache OpenJPA 1.2
Apache OpenJPA 1.1
Apache OpenJPA 1.0.4
Apache OpenJPA 1.0
Not Vulnerable: Apache OpenJPA 2.2.2
Apache OpenJPA 1.2.3


 

Privacy Statement
Copyright 2010, SecurityFocus