This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.
Alvaro Muñoz, Matthias Kaiser and Christian Schneider report :
JMS Object messages depend on Java Serialization for
marshaling/unmarshaling of the message payload. There are a couple of
places inside the broker where deserialization can occur, like web
console or stomp object message transformation. As deserialization of
untrusted data can lead to security flaws as demonstrated in various
reports, this leaves the broker vulnerable to this attack vector.
Additionally, applications that consume ObjectMessage type of messages
can be vulnerable as they deserialize objects on
See also :
Update the affected package.
Risk factor :
High / CVSS Base Score : 7.5
Public Exploit Available : true