exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Apache OpenJPA 1.x / 2.x Code Execution

Apache OpenJPA 1.x / 2.x Code Execution
Posted Jun 13, 2013
Authored by Pierre Ernst

Deserialization of a maliciously crafted Apache OpenJPA object can result in an executable file being written to the file system. An attacker needs to discover an unprotected server program to exploit the vulnerability. It then needs to exploit another unprotected server program to execute the file and gain access to the system. OpenJPA usage by itself does not introduce the vulnerability.

tags | advisory
advisories | CVE-2013-1768
SHA-256 | 32303c32cb83248176a31128df26e37e6c705dd40e339118c8a2a427536a4fa1

Apache OpenJPA 1.x / 2.x Code Execution

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE-2013-1768: Apache OpenJPA security vulnerability

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:

OpenJPA 1.0.0 to 1.0.4
OpenJPA 1.1.0
OpenJPA 1.3.0
OpenJPA 1.2.0 to 1.2.2
OpenJPA 2.0.0 to 2.0.1
OpenJPA 2.1.0 to 2.1.1
OpenJPA 2.2.0 to 2.2.1

Description: Deserialization of a maliciously crafted OpenJPA object can
result in an executable file being written to the file system. An
attacker needs to discover an unprotected server program to exploit the
vulnerability. It then needs to exploit another unprotected server
program to execute the file and gain access to the system. OpenJPA
usage by itself does not introduce the vulnerability.

Mitigation: Users of OpenJPA using a release based upon the JPA 1.0
specification level should upgrade to the OpenJPA 1.2.3 release. Users
of OpenJPA using a release based upon the JPA 2.0 specification level
should upgrade to the OpenJPA 2.2.2 release. Users needing to stay on
their current release should get the latest code from svn for the
corresponding branch level or apply a source patch and build a new
binary package. Nightly snapshots of the latest source builds are also
available for many branches.

OpenJPA release branch levels and corresponding fix revisions:

OpenJPA 1.0.x revision 1462558:
http://svn.apache.org/viewvc?view=revision&revision=1462558
OpenJPA 1.1.x revision 1462512:
http://svn.apache.org/viewvc?view=revision&revision=1462512
OpenJPA 1.2.x revision 1462488:
http://svn.apache.org/viewvc?view=revision&revision=1462488
OpenJPA 1.3.x revision 1462328:
http://svn.apache.org/viewvc?view=revision&revision=1462328
OpenJPA 2.0.x revision 1462318:
http://svn.apache.org/viewvc?view=revision&revision=1462318
OpenJPA 2.1.x revision 1462268:
http://svn.apache.org/viewvc?view=revision&revision=1462268
OpenJPA 2.2.1.x revision 1462225:
http://svn.apache.org/viewvc?view=revision&revision=1462225
OpenJPA 2.2.x revision 1462076:
http://svn.apache.org/viewvc?view=revision&revision=1462076

Example: An attacker creates a customized serialization of an OpenJPA
object. The attacker exploits an unprotected server program to execute
the object. The object includes logic that results in malicious trace
being written to a file, such as a JSP. The file containing malicious
commands is written to a potentially vulnerable area of the system. The
attacker exploits a second unprotected server program to execute the
file and gain access to the system.

Credit: This issue was discovered by Pierre Ernst of IBM Corporation.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.20 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJRuMz9AAoJEALD36U3PPjRdzMQAKYkGuFQ/jT6Txy5UemN7oC3
bAUsJRlAsV11uZTnTNo4hgtZVA9Q9fN2NbswjcWFS+/U1MljgrF9lqHspm/SV9o5
Yi4S39AtMKva0eBMGaRGBpARhu7QbMOxD7D9dqp79bHcgxfZROG71bwx4dTL3q3Z
3dxOEnkqPUM9vZFm3zrMKF4Hy3q/TuMIJtFtj/B5KuNtlJFXUe908wzoQyQjm9Al
M7xZhWGdGnVwD1ynlrG5exWZ8xlQ5W4TGeK/h3zJ05kYQHXIwhgiympApNfIYCQZ
1zexnGv7pWQI/NVXPv8XaxtZ6HYUn+1GpZ8ipF4nCoXy0KTfLJmd9wcpxU8b+4c1
tguzC8rYbol7TxkMy/HpAgHTavIfDXFZyjl5/z2X6e+s6YtP+TRCN8Jy7fpg0AuU
OFQp+LoY06vFJmoJiL0+TiNeotcZuH1l8OL6PuvXHF/4saAUfADNHqJIR5xBTdPY
rIy8gtS06IM6aOhSbCrJphIpSOk5qQQV5Uhzfo5NXFeglBxP+YEPFq5sBmVIPEOG
IL6u6CAclmMKg+vqXUeY1EsmV2lrhqshyBh7umTSSm7YWNgoQJJxUn/8phxATJ3K
DlaZWId//mmnz36349m9HF2hc5iPea01MDcWHUwe2a0d0Wmwz6CXlvWuBNtTmZoV
7iGIxMiN7yJ14RZoDsKw
=LVgy
-----END PGP SIGNATURE-----


Login or Register to add favorites

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close