CVE-2013-1777

Name of the Vulnerable Software and Affected Versions Apache Geronimo versions 3.0.0 through 3.0.1 IBM WebSphere Application Server (WAS) Community Edition version 3.0.0.3

Description The issue is related to the JMX Remoting functionality, which does not properly implement the RMI classloader. This allows remote attackers to execute arbitrary code by sending a crafted serialized object using the JMX connector.

Recommendations For Apache Geronimo versions 3.0.0 through 3.0.1, update to version 3.0.1 or later. For IBM WebSphere Application Server (WAS) Community Edition version 3.0.0.3, consider disabling the JMX Remoting functionality until a patch is available.