7.2

CVE-2016-4978

The getObject method of the javax.jms.ObjectMessage class in the (1) JMS Core client, (2) Artemis broker, and (3) Artemis REST component in Apache ActiveMQ Artemis before 1.4.0 might allow remote authenticated users with permission to send messages to the Artemis broker to deserialize arbitrary objects and execute arbitrary code by leveraging gadget classes being present on the Artemis classpath.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheArtemis Version < 1.4.0
RedhatJboss Enterprise Application Platform Version6.0.0
   RedhatEnterprise Linux Server Version5.0
   RedhatEnterprise Linux Server Version6.0
   RedhatEnterprise Linux Server Version7.0
RedhatJboss Enterprise Application Platform Version6.4.0
   RedhatEnterprise Linux Server Version5.0
   RedhatEnterprise Linux Server Version6.0
   RedhatEnterprise Linux Server Version7.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.92% 0.933
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 1.2 5.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6 6.8 6.4
AV:N/AC:M/Au:S/C:P/I:P/A:P
CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

https://access.redhat.com/errata/RHSA-2017:3454
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3455
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3456
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3458
Third Party Advisory
http://mail-archives.apache.org/mod_mbox/activemq-users/201609.mbox/%3CCAH6wpnqzeNtpykT7emtDU1-GV7AvjFP5-YroWcCC4UZyQEFvtA%40mail.gmail.com%3E
Vendor Advisory
Mailing List
http://www.securityfocus.com/bid/93142
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2017:1834
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1835
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1836
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1837
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1447
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1448
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1449
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1450
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1451
Third Party Advisory
https://lists.apache.org/thread.html/7260bd0955c12aac5bd892039d3356ba3aa0ff4caaf2aa4fd4fe84a2%40%3Cissues.activemq.apache.org%3E
https://lists.apache.org/thread.html/d4ffbc6a43a915324a394b2913ceb7d07bc352f2d08caa19df0aff02%40%3Cissues.activemq.apache.org%3E
https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E
https://lists.apache.org/thread.html/rc96ad63f148f784c84ea7f0a178c84a8985c6afccabbcd9847a82088%40%3Ccommits.activemq.apache.org%3E
https://www.blackhat.com/docs/us-16/materials/us-16-Kaiser-Pwning-Your-Java-Messaging-With-Deserialization-Vulnerabilities.pdf
Third Party Advisory
Technical Description