Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2013-0292)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2013.0292

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2013-0292)

Zusammenfassung: The remote host is missing an update for the 'openjpa' package(s) announced via the MGASA-2013-0292 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'openjpa' package(s) announced via the MGASA-2013-0292 advisory.

Vulnerability Insight:
Updated openjpa packages fix security vulnerability:

The BrokerFactory functionality in Apache OpenJPA before 2.2.2 creates
local executable JSP files containing logging trace data produced during
deserialization of certain crafted OpenJPA objects, which makes it easier
for remote attackers to execute arbitrary code by creating a serialized
object and leveraging improperly secured server programs (CVE-2013-1768).

Affected Software/OS:
'openjpa' package(s) on Mageia 2, Mageia 3.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2013-1768
AIX APAR: PM86780
http://www-01.ibm.com/support/docview.wss?uid=swg1PM86780
AIX APAR: PM86786
http://www-01.ibm.com/support/docview.wss?uid=swg1PM86786
AIX APAR: PM86788
http://www-01.ibm.com/support/docview.wss?uid=swg1PM86788
AIX APAR: PM86791
http://www-01.ibm.com/support/docview.wss?uid=swg1PM86791
BugTraq ID: 60534
http://www.securityfocus.com/bid/60534
http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0099.html
http://www-01.ibm.com/support/docview.wss?uid=swg21635999
RedHat Security Advisories: RHSA-2013:1862
http://rhn.redhat.com/errata/RHSA-2013-1862.html
XForce ISS Database: openjpa-cve20131768-command-execution(82268)
https://exchange.xforce.ibmcloud.com/vulnerabilities/82268

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2013.0292
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2013-0292)
Zusammenfassung:	The remote host is missing an update for the 'openjpa' package(s) announced via the MGASA-2013-0292 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'openjpa' package(s) announced via the MGASA-2013-0292 advisory. Vulnerability Insight: Updated openjpa packages fix security vulnerability: The BrokerFactory functionality in Apache OpenJPA before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs (CVE-2013-1768). Affected Software/OS: 'openjpa' package(s) on Mageia 2, Mageia 3. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2013-1768 AIX APAR: PM86780 http://www-01.ibm.com/support/docview.wss?uid=swg1PM86780 AIX APAR: PM86786 http://www-01.ibm.com/support/docview.wss?uid=swg1PM86786 AIX APAR: PM86788 http://www-01.ibm.com/support/docview.wss?uid=swg1PM86788 AIX APAR: PM86791 http://www-01.ibm.com/support/docview.wss?uid=swg1PM86791 BugTraq ID: 60534 http://www.securityfocus.com/bid/60534 http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0099.html http://www-01.ibm.com/support/docview.wss?uid=swg21635999 RedHat Security Advisories: RHSA-2013:1862 http://rhn.redhat.com/errata/RHSA-2013-1862.html XForce ISS Database: openjpa-cve20131768-command-execution(82268) https://exchange.xforce.ibmcloud.com/vulnerabilities/82268
Copyright	Copyright (C) 2022 Greenbone AG