Test ID:	1.3.6.1.4.1.25623.1.1.10.2013.0292
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2013-0292)
Summary:	The remote host is missing an update for the 'openjpa' package(s) announced via the MGASA-2013-0292 advisory.
Description:	Summary: The remote host is missing an update for the 'openjpa' package(s) announced via the MGASA-2013-0292 advisory. Vulnerability Insight: Updated openjpa packages fix security vulnerability: The BrokerFactory functionality in Apache OpenJPA before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs (CVE-2013-1768). Affected Software/OS: 'openjpa' package(s) on Mageia 2, Mageia 3. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-1768 AIX APAR: PM86780 http://www-01.ibm.com/support/docview.wss?uid=swg1PM86780 AIX APAR: PM86786 http://www-01.ibm.com/support/docview.wss?uid=swg1PM86786 AIX APAR: PM86788 http://www-01.ibm.com/support/docview.wss?uid=swg1PM86788 AIX APAR: PM86791 http://www-01.ibm.com/support/docview.wss?uid=swg1PM86791 BugTraq ID: 60534 http://www.securityfocus.com/bid/60534 http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0099.html http://www-01.ibm.com/support/docview.wss?uid=swg21635999 RedHat Security Advisories: RHSA-2013:1862 http://rhn.redhat.com/errata/RHSA-2013-1862.html XForce ISS Database: openjpa-cve20131768-command-execution(82268) https://exchange.xforce.ibmcloud.com/vulnerabilities/82268
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.