漏洞类别:CGI
漏洞等级: 
漏洞信息
Apache TomEE is the Java Enterprise Edition of Apache Tomcat (Tomcat + Java EE = TomEE) that combines several Java enterprise projects including Apache OpenEJB, Apache OpenWebBeans, Apache OpenJPA, Apache MyFaces and others.
The flaw exists within the EjbObjectInputStream class which accepts and deserializes any Java serialized binary stream.
Affected Versions:
Apache TomEE versions prior to 7.0.0-M3 and 1.7.4
漏洞危害
An attacker could exploit this vulnerability to execute arbitrary commands on the targeted system.
解决方案
Customers are advised to upgrade to Apache TomEE 7.0.0-M3 and 1.7.4 or later version to fix this issue. For more details please refer to Apache TomEE 7.0.0-M3 and 1.7.4 for further details.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论