Vulnerability Details : CVE-2016-4978
Potential exploit
The getObject method of the javax.jms.ObjectMessage class in the (1) JMS Core client, (2) Artemis broker, and (3) Artemis REST component in Apache ActiveMQ Artemis before 1.4.0 might allow remote authenticated users with permission to send messages to the Artemis broker to deserialize arbitrary objects and execute arbitrary code by leveraging gadget classes being present on the Artemis classpath.
Vulnerability category: Execute code
Products affected by CVE-2016-4978
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq_artemis:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-4978
1.17%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 77 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-4978
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.0
|
MEDIUM | AV:N/AC:M/Au:S/C:P/I:P/A:P |
6.8
|
6.4
|
NIST | |
7.2
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
1.2
|
5.9
|
NIST |
CWE ids for CVE-2016-4978
-
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-4978
-
https://access.redhat.com/errata/RHSA-2017:1835
RHSA-2017:1835 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www.securityfocus.com/bid/93142
Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution VulnerabilityThird Party Advisory;VDB Entry
-
https://access.redhat.com/errata/RHSA-2018:1451
RHSA-2018:1451 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2017:3458
RHSA-2017:3458 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2017:1836
RHSA-2017:1836 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://lists.apache.org/thread.html/7260bd0955c12aac5bd892039d3356ba3aa0ff4caaf2aa4fd4fe84a2%40%3Cissues.activemq.apache.org%3E
[jira] [Created] (ARTEMIS-2362) activemq-artemis-native-1.0.0.jar is vulnerable to CVE-2016-4978-Apache Mail Archives
-
https://access.redhat.com/errata/RHSA-2018:1448
RHSA-2018:1448 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E
[activemq-website] branch master updated: Publish CVE-2021-26117-Apache Mail Archives
-
https://access.redhat.com/errata/RHSA-2017:3456
RHSA-2017:3456 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://mail-archives.apache.org/mod_mbox/activemq-users/201609.mbox/%3CCAH6wpnqzeNtpykT7emtDU1-GV7AvjFP5-YroWcCC4UZyQEFvtA%40mail.gmail.com%3E
[CVE-2016-4978] Apache ActiveMQ Artemis: Deserialization of untrusted input vunerabilityMailing List;Vendor Advisory
-
https://access.redhat.com/errata/RHSA-2018:1450
RHSA-2018:1450 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2017:1834
RHSA-2017:1834 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2017:3455
RHSA-2017:3455 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2017:1837
RHSA-2017:1837 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://lists.apache.org/thread.html/rc96ad63f148f784c84ea7f0a178c84a8985c6afccabbcd9847a82088%40%3Ccommits.activemq.apache.org%3E
[activemq-website] branch master updated: Publish CVE-2021-26118-Apache Mail Archives
-
https://access.redhat.com/errata/RHSA-2018:1447
RHSA-2018:1447 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2018:1449
RHSA-2018:1449 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://lists.apache.org/thread.html/d4ffbc6a43a915324a394b2913ceb7d07bc352f2d08caa19df0aff02%40%3Cissues.activemq.apache.org%3E
[jira] [Closed] (ARTEMIS-2362) activemq-artemis-native-1.0.0.jar is vulnerable to CVE-2016-4978-Apache Mail Archives
-
https://www.blackhat.com/docs/us-16/materials/us-16-Kaiser-Pwning-Your-Java-Messaging-With-Deserialization-Vulnerabilities.pdf
Technical Description;Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2017:3454
RHSA-2017:3454 - Security Advisory - Red Hat Customer PortalThird Party Advisory
Jump to