
Apache Geronimo 3.0.x vulnerabilities

This page lists all security vulnerabilities fixed in maintenance releases or interim builds of Apache Geronimo 3.0. Each vulnerability is given a security impact rating by either the Apache Geronimo team or by the dependent project supplying the fix - please note that this rating is not uniform and will vary from project to project. We also list the versions of Apache Geronimo the flaw is known to affect; where a flaw has not been verified for a version, that version is listed with a question mark.

Please send comments or corrections for these vulnerabilities to the Geronimo Security mailing list.


Fixed in Geronimo 3.0.0

CVE-2013-1777 - "Apache Geronimo 3 RMI classloader exposure" has been fixed via GERONIMO-6477.

Please visit the 3.0.0 Release Notes page for details on all of the included JIRAs.

Geronimo Server:

CVE-2013-1777: RMI classloader exposure

A misconfigured RMI classloader in Apache Geronimo 3.0 may enable an attacker to send a serialized object via JMX that could compromise the system.

Users of Geronimo 3.0, 3.0 Beta 1, or 3.0 M1 are strongly encouraged to upgrade to Geronimo 3.0.1.

Remote exploits can be prevented by hiding the naming (1099) and JMX (9999) ports behind a firewall or binding the ports to a local network interface.

Affects: 3.0.0, 3.0 Beta 1, and 3.0 M1
JIRA: GERONIMO-6477
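
An added example, not part of the Geronimo advisory or project code: a Python check for the port mitigation described above. It parses `ss -ltn` output and reports listeners on the naming (1099) and JMX (9999) ports that are not bound to a loopback address. It assumes a Linux host with iproute2 `ss`; the function names and the sample output are constructed for illustration.

```python
import ipaddress

# Ports named in the advisory: RMI naming (1099) and JMX (9999).
GERONIMO_PORTS = {1099: "naming", 9999: "JMX"}

# Constructed sample of `ss -ltn` output (not captured from a real server).
SAMPLE = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       50      0.0.0.0:1099        0.0.0.0:*
LISTEN  0       50      127.0.0.1:9999      0.0.0.0:*
LISTEN  0       128     [::]:8080           [::]:*
LISTEN  0       50      [::1]:1099          [::]:*
LISTEN  0       50      *:9999              *:*
"""

def split_local(field):
    """Split an ss 'Local Address:Port' field into (host, port)."""
    host, _, port = field.rpartition(":")
    # Drop IPv6 brackets and any %interface scope suffix.
    host = host.strip("[]").split("%", 1)[0]
    return host, int(port)

def is_loopback(host):
    """True only for addresses reachable solely from the local machine."""
    if host == "*":  # wildcard: listening on every interface
        return False
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unparseable address: treat as exposed

def exposed_listeners(ss_output, ports=GERONIMO_PORTS):
    """Return (service, host, port) for watched ports bound off-loopback."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue  # header or non-listening socket
        try:
            host, port = split_local(cols[3])
        except ValueError:
            continue  # port field was not numeric
        if port in ports and not is_loopback(host):
            findings.append((ports[port], host, port))
    return findings

if __name__ == "__main__":
    for service, host, port in exposed_listeners(SAMPLE):
        print(f"{service} port {port} is bound to {host}: firewall or rebind it")
```

To check a live host, pass the text produced by `ss -ltn` to `exposed_listeners` instead of `SAMPLE`; an empty result means neither port is listening on a non-loopback address, though a firewall rule still has to be verified separately.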