Mandriva Linux Security Advisory : openjpa (MDVSA-2013:246)

High Nessus Plugin ID 70325


The remote Mandriva Linux host is missing one or more security updates.


Updated openjpa packages fix security vulnerability :

The BrokerFactory functionality in Apache OpenJPA before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs (CVE-2013-1768).


Update the affected openjpa, openjpa-javadoc and / or openjpa-tools packages.

See Also

Plugin Details

Severity: High

ID: 70325

File Name: mandriva_MDVSA-2013-246.nasl

Version: $Revision: 1.2 $

Type: local

Published: 2013/10/08

Modified: 2013/11/25

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:openjpa, p-cpe:/a:mandriva:linux:openjpa-javadoc, p-cpe:/a:mandriva:linux:openjpa-tools, cpe:/o:mandriva:business_server:1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2013/10/07

Reference Information

CVE: CVE-2013-1768

BID: 60534

MDVSA: 2013:246