CVE-2013-1768

Name: CVE-2013-1768
Description: The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 716937

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| openjpa (PTS) | buster, bullseye | 2.4.2-6 | fixed |
| openjpa | bookworm | 2.4.2-8 | fixed |
| openjpa | sid, trixie | 2.4.2-9 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| openjpa | source | (unstable) | 2.2.2-1 | | | 716937 |

Notes

[squeeze] - openjpa <no-dsa> (Minor issue)
[wheezy] - openjpa <no-dsa> (Minor issue)
