UBUNTU-CVE-2013-1768

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/CVE-2013-1768
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2013/UBUNTU-CVE-2013-1768.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2013-1768
Upstream
Withdrawn
2025-07-18T16:42:50Z
Published
2013-07-11T22:55:00Z
Modified
2025-07-16T07:31:11.616312Z
Severity
  • Ubuntu - medium
Summary
[none]
Details

The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.

References

Affected packages

Ubuntu:14.04:LTS / openjpa

Package

Name
openjpa
Purl
pkg:deb/ubuntu/openjpa@2.2.2-1?arch=source&distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.2-1

Affected versions

2.*
2.0.1-1

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "libopenjpa-java",
            "binary_version": "2.2.2-1"
        },
        {
            "binary_name": "libopenjpa-java-doc",
            "binary_version": "2.2.2-1"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2013/UBUNTU-CVE-2013-1768.json"

Ubuntu:16.04:LTS / openjpa

Package

Name
openjpa
Purl
pkg:deb/ubuntu/openjpa@2.4.0-2?arch=source&distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.0-2

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "libopenjpa-java",
            "binary_version": "2.4.0-2"
        },
        {
            "binary_name": "libopenjpa-java-doc",
            "binary_version": "2.4.0-2"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2013/UBUNTU-CVE-2013-1768.json"