Vulnerability CVE-2016-4974
Published: 2016-07-13

Description:
Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS (AMQP 1.0) before 0.10.0 does not restrict the use of classes available on the classpath, which might allow remote authenticated users with permission to send messages to deserialize arbitrary objects and execute arbitrary code by leveraging a crafted serialized object in a JMS ObjectMessage that is handled by the getObject function.

Type:

CWE-20

 (Improper Input Validation)

CVSS2 => (AV:N/AC:M/Au:S/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6/10
6.4/10
6.8/10
Exploit range
Attack complexity
Authentication
Remote
Medium
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Apache -> Amqp 0-x jms client 
Apache -> Jms client amqp 

 References:
http://packetstormsecurity.com/files/137749/Apache-Qpid-Untrusted-Input-Deserialization.html
http://qpid.apache.org/components/jms/security-0-x.html
http://qpid.apache.org/components/jms/security.html
http://www.securityfocus.com/archive/1/538813/100/0/threaded
http://www.securityfocus.com/bid/91537
http://www.securitytracker.com/id/1036239
https://issues.apache.org/jira/browse/QPIDJMS-188
Copyright 2024, cxsecurity.com

 

Back to Top