PT-2016-6203 · Apache · Apache Qpid Amqp 0-X Jms Client+1

Timothy A. Bish

Published

2016-07-13

Updated

2022-05-14

CVE-2016-4974

CVSS v3.1

7.5

High

Vector

AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Apache Qpid AMQP 0-x JMS client versions prior to 6.0.4 Apache Qpid JMS (AMQP 1.0) versions prior to 0.10.0

Description The issue allows remote authenticated users with permission to send messages to deserialize arbitrary objects and execute arbitrary code by leveraging a crafted serialized object in a JMS ObjectMessage that is handled by the getObject function. This is due to the lack of restriction on the use of classes available on the classpath.

Recommendations For Apache Qpid AMQP 0-x JMS client versions prior to 6.0.4, update to version 6.0.4 or later. For Apache Qpid JMS (AMQP 1.0) versions prior to 0.10.0, update to version 0.10.0 or later.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2016-4974

GHSA-F38P-MQ64-H784

Affected Products

Apache Qpid Amqp 0-X Jms Client

Apache Qpid Jms

PT-2016-6203 · Apache · Apache Qpid Amqp 0-X Jms Client+1

CVE-2016-4974

Weakness Enumeration

Related Identifiers

Affected Products

References · 14