RCE in Apache Geronimo

CVE-2013-1777

The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not properly implement the RMI classloader, which allows remote attack…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.083 (92.4th percentile)

Frequently asked questions

What is CVE-2013-1777?
CVE-2013-1777 is a vulnerability in Apache Geronimo, classified under Code Injection. It was published on 2013-07-11.

Is CVE-2013-1777 known to be exploited?
One public proof-of-concept repository is indexed. The CVE is not currently listed in the CISA KEV catalog.