CVE-2016-4978

Severity: 7.2 HIGH
EPSS: 1.1% (top 22.13%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 27; Latest update May 13

Description

The getObject method of the javax.jms.ObjectMessage class in the (1) JMS Core client, (2) Artemis broker, and (3) Artemis REST component in Apache ActiveMQ Artemis before 1.4.0 might allow remote authenticated users with permission to send messages to the Artemis broker to deserialize arbitrary objects and execute arbitrary code by leveraging gadget classes being present on the Artemis classpath.
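The mechanism behind this CVE is generic: `ObjectMessage.getObject()` hands the message body to Java serialization, and any class reachable on the consumer's classpath can run code in its `readObject()` hook before the caller ever sees a result. The following added example is not Artemis code; it reduces the JMS client to a `byte[]` body and uses only the JDK (Java 9 or later, for `java.io.ObjectInputFilter`). `GadgetStandIn` is a constructed class whose only side effect is setting a flag, standing in for a real gadget chain; `OrderEvent` is the type a consumer legitimately expects. `unfilteredGetObject` models the pre-1.4.0 behaviour and `filteredGetObject` the hardened form, where an allowlist is enforced during class resolution, so a rejected class never reaches its `readObject()`.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.Set;

// Added example, not Artemis or JMS client code. The ObjectMessage body is
// modelled as a byte[]; the "gadget" is a constructed class with a harmless
// side effect so the demo is safe to run.
public class ObjectMessageDeserialization {

    // Constructed stand-in for a gadget class that happens to sit on the
    // consumer's classpath. Real chains reach Runtime.exec() through library
    // classes; here readObject() only flips a flag.
    public static final class GadgetStandIn implements Serializable {
        private static final long serialVersionUID = 1L;
        static volatile boolean triggered = false;

        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            triggered = true; // runs during deserialization, before getObject() returns
        }
    }

    // The type the consuming application actually expects in its messages.
    public static final class OrderEvent implements Serializable {
        private static final long serialVersionUID = 1L;
        final String orderId;
        OrderEvent(String orderId) { this.orderId = orderId; }
    }

    // Producer side: any principal allowed to send can put an arbitrary
    // serialized object into an ObjectMessage body.
    public static byte[] serialize(Serializable obj) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(obj);
        }
        return bos.toByteArray();
    }

    // Pre-fix behaviour: getObject() deserializes whatever the body contains.
    public static Object unfilteredGetObject(byte[] body) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(body))) {
            return ois.readObject();
        }
    }

    // Hardened form: a JEP 290 ObjectInputFilter allows only named classes
    // (plus primitives and arrays of them). The filter is consulted when the
    // class descriptor is resolved, so a rejected class's readObject() never runs.
    public static Object filteredGetObject(byte[] body, Set<String> allowedClassNames)
            throws IOException, ClassNotFoundException {
        ObjectInputFilter allowList = info -> {
            Class<?> c = info.serialClass();
            if (c == null) {
                return ObjectInputFilter.Status.UNDECIDED; // depth/size callbacks carry no class
            }
            while (c.isArray()) {
                c = c.getComponentType();
            }
            if (c.isPrimitive() || allowedClassNames.contains(c.getName())) {
                return ObjectInputFilter.Status.ALLOWED;
            }
            return ObjectInputFilter.Status.REJECTED;
        };
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(body))) {
            ois.setObjectInputFilter(allowList);
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        Set<String> allowed = Set.of(OrderEvent.class.getName(), String.class.getName());
        byte[] legit = serialize(new OrderEvent("A-1001"));      // constructed sample body
        byte[] hostile = serialize(new GadgetStandIn());          // constructed hostile body

        // Vulnerable path: the side effect fires inside readObject().
        unfilteredGetObject(hostile);
        System.out.println("unfiltered: gadget readObject ran = " + GadgetStandIn.triggered);

        // Hardened path: the expected type still round-trips...
        OrderEvent ev = (OrderEvent) filteredGetObject(legit, allowed);
        System.out.println("filtered: got order " + ev.orderId);

        // ...and the unexpected class is rejected before its readObject() runs.
        GadgetStandIn.triggered = false;
        try {
            filteredGetObject(hostile, allowed);
        } catch (InvalidClassException e) {
            System.out.println("filtered: rejected (" + e.getMessage()
                    + "), gadget readObject ran = " + GadgetStandIn.triggered);
        }
    }
}
```

Run it with `java ObjectMessageDeserialization.java` on Java 11 or later. Two practical points follow from the code. First, the check has to happen before class resolution; an `instanceof` test on the value returned by `getObject()` is too late, because the gadget's `readObject()` has already executed. Second, a consumer that never needs Java objects in message bodies should refuse `ObjectMessage` instances outright (for example by checking the received `Message` type and dead-lettering anything that is not a `TextMessage` or `BytesMessage`) and carry data as JSON instead. The Artemis release that fixes this CVE added configurable class allow/deny lists for ObjectMessage deserialization on the connection factory; the exact parameter names are version-specific (to my recollection `deserializationWhiteList` / `deserializationBlackList` in the 1.x line), so confirm them against the documentation for the version you run. The JVM-wide `jdk.serialFilter` system property applies the same kind of filter to every `ObjectInputStream` in the process, which also covers library code you do not control.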

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 | Impact: 5.9

Affected Packages (4 packages)

CVEList V5: artemis_in_eap_7, versions 7.3.9.GA, 7.4.0.GA

Vulnerability Details (3)

GHSA: Apache ActiveMQ Artemis RCE Via Deserialization Gadget Chain (2022-05-13)
OSV: Apache ActiveMQ Artemis RCE Via Deserialization Gadget Chain (2022-05-13)
CVEList: CVE-2016-4978: The getObject method of the javax (2016-09-27)

Vendor Advisories (2)

Red Hat: 7: Incomplete fix of CVE-2016-4978 in HornetQ library (2021-10-05)
Red Hat: Artemis: Deserialization of untrusted input vulnerability (2016-09-23)

Community (1)

Bugzilla: CVE-2016-4978 Apache ActiveMQ Artemis: Deserialization of untrusted input vulnerability (2016-09-26)

Source: cvebase.io (CVE-2016-4978, HIGH, CVSS 7.2)