CVE-2016-4978 : The getObject method of the javax.jms.ObjectMessage class in the (1) JMS Core cl

The getObject method of the javax.jms.ObjectMessage class in the (1) JMS Core client, (2) Artemis broker, and (3) Artemis REST component in Apache ActiveMQ Artemis before 1.4.0 might allow remote authenticated users with permission to send messages to the Artemis broker to deserialize arbitrary objects and execute arbitrary code by leveraging gadget classes being present on the Artemis classpath.

Published 2016-09-27 15:59:02

Updated 2025-04-12 10:46:41

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2016-4978

Redhat » Jboss Enterprise Application Platform » Version: 6.0.0
cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*
Matching versions
When used together with: Redhat » Enterprise Linux Server » Version: 5.0
When used together with: Redhat » Enterprise Linux Server » Version: 6.0
When used together with: Redhat » Enterprise Linux Server » Version: 7.0
Redhat » Jboss Enterprise Application Platform » Version: 6.4.0
cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*
Matching versions
When used together with: Redhat » Enterprise Linux Server » Version: 5.0
When used together with: Redhat » Enterprise Linux Server » Version: 6.0
When used together with: Redhat » Enterprise Linux Server » Version: 7.0
Redhat » Jboss Enterprise Application Platform » Version: 7.0.0
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*
Matching versions
When used together with: Redhat » Enterprise Linux Server » Version: 6.0
When used together with: Redhat » Enterprise Linux Server » Version: 7.0
Redhat » Jboss Enterprise Application Platform » Version: 7.1.0
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*
Matching versions
When used together with: Redhat » Enterprise Linux Server » Version: 6.0
When used together with: Redhat » Enterprise Linux Server » Version: 7.0
Apache » Activemq Artemis
Versions before (<) 1.4.0
cpe:2.3:a:apache:activemq_artemis:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2016-4978

EPSS FAQ

1.17%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 77 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2016-4978

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.0	MEDIUM	AV:N/AC:M/Au:S/C:P/I:P/A:P	6.8	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
7.2	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	1.2	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2016-4978

CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-4978

https://access.redhat.com/errata/RHSA-2017:1835

RHSA-2017:1835 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/93142

Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
Third Party Advisory;VDB Entry
https://access.redhat.com/errata/RHSA-2018:1451

RHSA-2018:1451 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2017:3458

RHSA-2017:3458 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2017:1836

RHSA-2017:1836 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/7260bd0955c12aac5bd892039d3356ba3aa0ff4caaf2aa4fd4fe84a2%40%3Cissues.activemq.apache.org%3E

[jira] [Created] (ARTEMIS-2362) activemq-artemis-native-1.0.0.jar is vulnerable to CVE-2016-4978-Apache Mail Archives
https://access.redhat.com/errata/RHSA-2018:1448

RHSA-2018:1448 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E

[activemq-website] branch master updated: Publish CVE-2021-26117-Apache Mail Archives

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2017:3456

RHSA-2017:3456 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://mail-archives.apache.org/mod_mbox/activemq-users/201609.mbox/%3CCAH6wpnqzeNtpykT7emtDU1-GV7AvjFP5-YroWcCC4UZyQEFvtA%40mail.gmail.com%3E

[CVE-2016-4978] Apache ActiveMQ Artemis: Deserialization of untrusted input vunerability
Mailing List;Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:1450

RHSA-2018:1450 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2017:1834

RHSA-2017:1834 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2017:3455

RHSA-2017:3455 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2017:1837

RHSA-2017:1837 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/rc96ad63f148f784c84ea7f0a178c84a8985c6afccabbcd9847a82088%40%3Ccommits.activemq.apache.org%3E

[activemq-website] branch master updated: Publish CVE-2021-26118-Apache Mail Archives

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2018:1447

RHSA-2018:1447 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2018:1449

RHSA-2018:1449 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/d4ffbc6a43a915324a394b2913ceb7d07bc352f2d08caa19df0aff02%40%3Cissues.activemq.apache.org%3E

[jira] [Closed] (ARTEMIS-2362) activemq-artemis-native-1.0.0.jar is vulnerable to CVE-2016-4978-Apache Mail Archives
https://www.blackhat.com/docs/us-16/materials/us-16-Kaiser-Pwning-Your-Java-Messaging-With-Deserialization-Vulnerabilities.pdf

Technical Description;Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3454

RHSA-2017:3454 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2016-4978

Products affected by CVE-2016-4978

Exploit prediction scoring system (EPSS) score for CVE-2016-4978

CVSS scores for CVE-2016-4978

CWE ids for CVE-2016-4978

References for CVE-2016-4978