Release date: 2013-07-01
Updated on: 2013-07-03
Affected Systems:
Apache Group Geronimo 3.0
Description:
--------------------------------------------------------------------------------
Bugtraq id: 60875
CVE (CAN) ID: CVE-2013-1777
Apache Geronimo is a lightweight J2EE application server.
Apache Geronimo 3.0, 3.0 Beta 1, and 3.0 M1 have a security bypass vulnerability. Because of RMI loader configuration errors, attackers can destroy applications by sending serialized objects through JMX. This allows unauthorized operations that bypass security restrictions.
<* Source: Pierre Ernst
Link: http://seclists.org/bugtraq/2013/Jul/7
http://seclists.org/fulldisclosure/2013/Jul/3
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Apache Group
------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://geronimo.apache.org/