CVE-2016-4978
Published on: 09/27/2016 12:00:00 AM UTC
Last Modified on: 02/12/2023 11:22:00 PM UTC
Certain versions of Activemq Artemis from Apache contain the following vulnerability:
The getObject method of the javax.jms.ObjectMessage class in the (1) JMS Core client, (2) Artemis broker, and (3) Artemis REST component in Apache ActiveMQ Artemis before 1.4.0 might allow remote authenticated users with permission to send messages to the Artemis broker to deserialize arbitrary objects and execute arbitrary code by leveraging gadget classes being present on the Artemis classpath.
- CVE-2016-4978 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.
CVSS3 Score: 7.2 - HIGH
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
---|---|---|---|
NETWORK | LOW | HIGH | NONE |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
UNCHANGED | HIGH | HIGH | HIGH |
CVSS2 Score: 6 - MEDIUM
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
NETWORK | MEDIUM | SINGLE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
PARTIAL | PARTIAL | PARTIAL |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
Red Hat Customer Portal | Third Party Advisory access.redhat.com text/html | REDHAT RHSA-2017:3455 |
Pony Mail! | Mailing List Vendor Advisory lists.apache.org text/html | MLIST [activemq-issues] 20190529 [jira] [Closed] (ARTEMIS-2362) activemq-artemis-native-1.0.0.jar is vulnerable to CVE-2016-4978 |
Red Hat Customer Portal | Third Party Advisory access.redhat.com text/html | REDHAT RHSA-2018:1451 |
Technical Description Third Party Advisory www.blackhat.com application/pdf | MISC www.blackhat.com/docs/us-16/materials/us-16-Kaiser-Pwning-Your-Java-Messaging-With-Deserialization-Vulnerabilities.pdf | |
Red Hat Customer Portal | Third Party Advisory access.redhat.com text/html | REDHAT RHSA-2018:1449 |
Red Hat Customer Portal | Third Party Advisory access.redhat.com text/html | REDHAT RHSA-2017:3454 |
Pony Mail! | lists.apache.org text/html | MLIST [activemq-commits] 20210127 [activemq-website] branch master updated: Publish CVE-2021-26118 |
Red Hat Customer Portal | Third Party Advisory access.redhat.com text/html | REDHAT RHSA-2018:1450 |
Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability | Third Party Advisory VDB Entry cve.report (archive) text/html | BID 93142 |
[CVE-2016-4978] Apache ActiveMQ Artemis: Deserialization of untrusted input vunerability | Mailing List Vendor Advisory mail-archives.apache.org text/xml | MLIST [activemq-users] 20160923 [CVE-2016-4978] Apache ActiveMQ Artemis: Deserialization of untrusted input vunerability |
Red Hat Customer Portal | Third Party Advisory access.redhat.com text/html | REDHAT RHSA-2018:1448 |
Red Hat Customer Portal | Third Party Advisory access.redhat.com text/html | REDHAT RHSA-2017:3456 |
Pony Mail! | Exploit Mailing List Vendor Advisory lists.apache.org text/html | MLIST [activemq-commits] 20210127 [activemq-website] branch master updated: Publish CVE-2021-26117 |
Red Hat Customer Portal | Third Party Advisory access.redhat.com text/html | REDHAT RHSA-2017:1836 |
Red Hat Customer Portal | Third Party Advisory access.redhat.com text/html | REDHAT RHSA-2017:3458 |
Red Hat Customer Portal | Third Party Advisory access.redhat.com text/html | REDHAT RHSA-2017:1834 |
Pony Mail! | lists.apache.org text/html | MLIST [activemq-issues] 20190529 [jira] [Created] (ARTEMIS-2362) activemq-artemis-native-1.0.0.jar is vulnerable to CVE-2016-4978 |
Red Hat Customer Portal | Third Party Advisory access.redhat.com text/html | REDHAT RHSA-2017:1837 |
Red Hat Customer Portal | Third Party Advisory access.redhat.com text/html | REDHAT RHSA-2018:1447 |
Red Hat Customer Portal | Third Party Advisory access.redhat.com text/html | REDHAT RHSA-2017:1835 |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
- cpe:2.3:a:apache:activemq_artemis:*:*:*:*:*:*:*:*:
- cpe:2.3:a:apache:activemq_artemis:*:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*:
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*:
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*:
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*:
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*:
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*:
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*:
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*:
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*:
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
Source | Title | Posted (UTC) |
---|---|---|
@CVEreport | CVE-2021-20318 : The HornetQ component of Artemis in EAP 7 was not updated with the fix for CVE-2016-4978. A remote… twitter.com/i/web/status/1… | 2021-12-23 20:12:49 |