Executive Summary
Informations | |||
---|---|---|---|
Name | MDVSA-2013:246 | First vendor Publication | 2013-10-07 |
Vendor | Mandriva | Last vendor Modification | 2013-10-07 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Updated openjpa packages fix security vulnerability: The BrokerFactory functionality in Apache OpenJPA before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs (CVE-2013-1768). |
Original Source
Url : http://www.mandriva.com/security/advisories?name=MDVSA-2013:246 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-264 | Permissions, Privileges, and Access Controls |
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-10-08 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-246.nasl - Type : ACT_GATHER_INFO |
2013-09-20 | Name : The remote application server may be affected by multiple vulnerabilities. File : websphere_6_1_0_47.nasl - Type : ACT_GATHER_INFO |
2013-08-23 | Name : The remote application server may be affected by multiple vulnerabilities. File : websphere_8_0_0_7.nasl - Type : ACT_GATHER_INFO |
2013-07-23 | Name : The remote application server may be affected by multiple vulnerabilities. File : websphere_8_5_5.nasl - Type : ACT_GATHER_INFO |
2013-07-22 | Name : The remote Fedora host is missing a security update. File : fedora_2013-12948.nasl - Type : ACT_GATHER_INFO |
2013-07-22 | Name : The remote Fedora host is missing a security update. File : fedora_2013-12960.nasl - Type : ACT_GATHER_INFO |
2013-07-22 | Name : The remote Fedora host is missing a security update. File : fedora_2013-12967.nasl - Type : ACT_GATHER_INFO |
2013-07-19 | Name : The remote application server is potentially affected by multiple vulnerabili... File : websphere_7_0_0_29.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:44:04 |
|
2013-10-07 21:20:05 |
|