CVE-2016-4974 Information

Feb 14, 2021 cve

Description

Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS (AMQP 1.0) before 0.10.0 does not restrict the use of classes available on the classpath which might allow remote authenticated users with permission to send messages to deserialize arbitrary objects and execute arbitrary code by leveraging a crafted serialized object in a JMS ObjectMessage that is handled by the getObject function.

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

http://packetstormsecurity.com/files/137749/Apache-Qpid-Untrusted-Input-Deserialization.html http://qpid.apache.org/components/jms/security.html http://qpid.apache.org/components/jms/security-0-x.html http://www.securityfocus.com/archive/1/538813/100/0/threaded http://www.securityfocus.com/bid/91537 http://www.securitytracker.com/id/1036239 https://issues.apache.org/jira/browse/QPIDJMS-188

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.5

Share on: