Skip to main content

CVE-2016-0779

Severity

8.5

Description

The EjbObjectInputStream class in Apache TomEE before 1.7.4 and 7.x before 7.0.0-M3 allows remote attackers to execute arbitrary code via a crafted serialized object.

Mitigation

We recommend upgrading to a version of this component that is not vulnerable to this specific issue. Also the EJBd can be disabled by following the steps in the reference.

Reference: [http://tomee.apache.org/ejbd-transport.html](http://tomee.apache.org/ejbd-transport.html)

Project

Apache TomEE

Category
n/a
Tags
data
operational
Date Disclosed

2017-04-11

Date Discovered

2015-12-16

Apache TomEE 1.7.x

First release:
2014-08-09
CVEs:
87
Support Lifecycle:
Namespace:
javax

Apache TomEE 1.6.x

First release:
2013-11-17
CVEs:
101
Support Lifecycle:
Namespace:
javax

Apache TomEE 1.5.x

First release:
2012-09-28
CVEs:
111
Support Lifecycle:
Namespace:
javax

Apache TomEE 1.0.x

First release:
2012-04-27
CVEs:
121
Support Lifecycle:
Namespace:
javax
Feel Vulnerable? 

Contact us so we can help you.

* These fields are required.