cve/CVE-2013-1768.md at 48a00929accbe24477052d164512463a2824377a

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-28 01:04:30 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.

POC

Reference

http://www-01.ibm.com/support/docview.wss?uid=swg21644047

Github

https://github.com/AdeliaNitzsche/Java-Deserialization-Cheat-Sheet
https://github.com/Anonymous-Phunter/PHunter
https://github.com/BrittanyKuhn/javascript-tutorial
https://github.com/CGCL-codes/PHunter
https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
https://github.com/PalindromeLabs/Java-Deserialization-CVEs
https://github.com/klausware/Java-Deserialization-Cheat-Sheet
https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet

1.3 KiB Raw Blame History

CVE-2013-1768

Description

POC

Reference

Github

1.3 KiB

Raw Blame History