Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.0-M1, 3.0.0, 3.0-beta-1
    • Fix Version/s: 3.0.1
    • Component/s: core
    • Security Level: public (Regular issues)
    • Labels:
      None

      Description

      A misconfigured RMI classloader in Apache Geronimo 3.0 may enable an attacker to send a serialized object via JMX that could compromise the system.

        Attachments

          Activity

            People

            • Assignee:
              gawor@mcs.anl.gov Jarek Gawor
              Reporter:
              gawor@mcs.anl.gov Jarek Gawor
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: