English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2016-4978
Description:The getObject method of the javax.jms.ObjectMessage class in the (1) JMS Core client, (2) Artemis broker, and (3) Artemis REST component in Apache ActiveMQ Artemis before 1.4.0 might allow remote authenticated users with permission to send messages to the Artemis broker to deserialize arbitrary objects and execute arbitrary code by leveraging gadget classes being present on the Artemis classpath.
Test IDs: 1.3.6.1.4.1.25623.1.0.809342  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2016-4978
93142
http://www.securityfocus.com/bid/93142
RHSA-2017:1834
https://access.redhat.com/errata/RHSA-2017:1834
RHSA-2017:1835
https://access.redhat.com/errata/RHSA-2017:1835
RHSA-2017:1836
https://access.redhat.com/errata/RHSA-2017:1836
RHSA-2017:1837
https://access.redhat.com/errata/RHSA-2017:1837
RHSA-2017:3454
https://access.redhat.com/errata/RHSA-2017:3454
RHSA-2017:3455
https://access.redhat.com/errata/RHSA-2017:3455
RHSA-2017:3456
https://access.redhat.com/errata/RHSA-2017:3456
RHSA-2017:3458
https://access.redhat.com/errata/RHSA-2017:3458
RHSA-2018:1447
https://access.redhat.com/errata/RHSA-2018:1447
RHSA-2018:1448
https://access.redhat.com/errata/RHSA-2018:1448
RHSA-2018:1449
https://access.redhat.com/errata/RHSA-2018:1449
RHSA-2018:1450
https://access.redhat.com/errata/RHSA-2018:1450
RHSA-2018:1451
https://access.redhat.com/errata/RHSA-2018:1451
[activemq-commits] 20210127 [activemq-website] branch master updated: Publish CVE-2021-26117
https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E
[activemq-commits] 20210127 [activemq-website] branch master updated: Publish CVE-2021-26118
https://lists.apache.org/thread.html/rc96ad63f148f784c84ea7f0a178c84a8985c6afccabbcd9847a82088%40%3Ccommits.activemq.apache.org%3E
[activemq-issues] 20190529 [jira] [Closed] (ARTEMIS-2362) activemq-artemis-native-1.0.0.jar is vulnerable to CVE-2016-4978
https://lists.apache.org/thread.html/d4ffbc6a43a915324a394b2913ceb7d07bc352f2d08caa19df0aff02%40%3Cissues.activemq.apache.org%3E
[activemq-issues] 20190529 [jira] [Created] (ARTEMIS-2362) activemq-artemis-native-1.0.0.jar is vulnerable to CVE-2016-4978
https://lists.apache.org/thread.html/7260bd0955c12aac5bd892039d3356ba3aa0ff4caaf2aa4fd4fe84a2%40%3Cissues.activemq.apache.org%3E
[activemq-users] 20160923 [CVE-2016-4978] Apache ActiveMQ Artemis: Deserialization of untrusted input vunerability
http://mail-archives.apache.org/mod_mbox/activemq-users/201609.mbox/%3CCAH6wpnqzeNtpykT7emtDU1-GV7AvjFP5-YroWcCC4UZyQEFvtA%40mail.gmail.com%3E
https://www.blackhat.com/docs/us-16/materials/us-16-Kaiser-Pwning-Your-Java-Messaging-With-Deserialization-Vulnerabilities.pdf
https://www.blackhat.com/docs/us-16/materials/us-16-Kaiser-Pwning-Your-Java-Messaging-With-Deserialization-Vulnerabilities.pdf



© 1998-2025 E-Soft Inc. All rights reserved.