Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability

Bugtraq ID: 60534
Class: Unknown
CVE: CVE-2013-1768
Remote: Yes
Local: No
Published: Jun 12 2013 12:00AM
Updated: Apr 18 2018 06:00AM
Credit: The vendor reported this issue.
Vulnerable: Red Hat JBoss Fuse 6.0
Red Hat Fuse MQ Enterprise 7.1.0
Red Hat Fuse ESB Enterprise 7.1.0
Oracle WebLogic Server 12.2.1.3
Mandriva Business Server 1 x86_64
Mandriva Business Server 1
Apache OpenJPA 2.2.1
Apache OpenJPA 2.2
Apache OpenJPA 2.1.1
Apache OpenJPA 2.1
Apache OpenJPA 2.0.1
Apache OpenJPA 2.0
Apache OpenJPA 1.3
Apache OpenJPA 1.2.2
Apache OpenJPA 1.2
Apache OpenJPA 1.1
Apache OpenJPA 1.0.4
Apache OpenJPA 1.0
Not Vulnerable: Apache OpenJPA 2.2.2
Apache OpenJPA 1.2.3


 

Copyright 2010, SecurityFocus