CVE-2013-1777

critical Apache
CVSS v3 Base Score
10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS Score
8.3%
Exploitation probability in 30 days
Top 8% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Confidentiality
C
Integrity
C
Availability
C
Published: July 11, 2013 (4690 days ago)
Last Modified: April 29, 2026
Vendor: Apache
Source: NVD

Description

The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not properly implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.

CWE

CWE-94

Affected Products

apache geronimoibm websphere application server

References

🔗 archives.neohapsis.com 🔗 geronimo.apache.org 🔗 www-01.ibm.com 🔗 issues.apache.org 🔗 archives.neohapsis.com