CVE-2016-0779
published 2017-04-11CVE-2016-0779: The EjbObjectInputStream class in Apache TomEE before 1.7.4 and 7.x before 7.0.0-M3 allows remote attackers to execute arbitrary code via a crafted serialized…
critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
The EjbObjectInputStream class in Apache TomEE before 1.7.4 and 7.x before 7.0.0-M3 allows remote attackers to execute arbitrary code via a crafted serialized object.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | tomee | <= 1.7.3 | — |
| apache | tomee | — | — |