Mandriva Linux Security Advisory : openjpa (MDVSA-2013:246)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Updated openjpa packages fix a security vulnerability :

The BrokerFactory functionality in Apache OpenJPA before 2.2.2 creates
local executable JSP files containing logging trace data produced
during deserialization of certain crafted OpenJPA objects, which makes
it easier for remote attackers to execute arbitrary code by creating a
serialized object and leveraging improperly secured server programs
(CVE-2013-1768).

See also :

http://advisories.mageia.org/MGASA-2013-0292.html

Solution :

Update the affected openjpa, openjpa-javadoc and / or openjpa-tools
packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Mandriva Local Security Checks

Nessus Plugin ID: 70325

Bugtraq ID: 60534

CVE ID: CVE-2013-1768
