The BrokerFactory functionality in Apache OpenJPA 1.x prior to 1.2.3 and 2.x prior to 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote malicious users to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
| Vulnerable Product |
|---|
| apache openjpa 1.0.2 |
| apache openjpa 1.0.3 |
| apache openjpa 2.0.1 |
| apache openjpa 2.1.0 |
| apache openjpa 1.0.0 |
| apache openjpa 1.0.1 |
| apache openjpa 1.2.2 |
| apache openjpa 2.0.0 |
| apache openjpa 1.2.0 |
| apache openjpa 1.2.1 |
| apache openjpa 1.0.4 |
| apache openjpa 1.1.0 |
| apache openjpa 2.1.1 |
| apache openjpa 2.2.0 |
| apache openjpa 2.2.1 |