High severityNVD Advisory· Published Jul 11, 2013· Updated Jun 16, 2026
CVE-2013-1777
CVE-2013-1777
Description
The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not properly implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.geronimo.framework:geronimo-jmx-remotingMaven | >= 3.0-beta-1, < 3.0.1 | 3.0.1 |
Affected products
5- cpe:2.3:a:ibm:websphere_application_server:3.0.0.3:-:community:*:*:*:*:*
- ghsa-coordsRange: >= 3.0-beta-1, < 3.0.1
Patches
Vulnerability mechanics
References
9- www-01.ibm.com/support/docview.wssnvdPatchVendor AdvisoryWEB
- geronimo.apache.org/30x-security-report.htmlnvdVendor AdvisoryWEB
- github.com/advisories/GHSA-v64w-96p6-fx7wghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2013-1777ghsaADVISORY
- archives.neohapsis.com/archives/bugtraq/2013-07/0008.htmlnvdWEB
- svn.apache.org/viewvc/geronimo/server/trunkghsaWEB
- svn.apache.org/viewvcghsaWEB
- github.com/apache/geronimo/commit/ee031c5e62b0d358250d06c2aa6722518579a6c5ghsaWEB
- issues.apache.org/jira/browse/GERONIMO-6477nvdWEB
News mentions
0No linked articles in our index yet.