Red Hat Security Advisory 2013-1862-01 - Fuse ESB Enterprise is an integration platform based on Apache ServiceMix. Fuse MQ Enterprise, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications. This release of Fuse ESB Enterprise/MQ Enterprise 7.1.0 R1 P1 is an update to Fuse ESB Enterprise 7.1.0 and Fuse MQ Enterprise 7.1.0. It includes bug fixes.
cc87f20cac05b2c2a2ca841231613b725778a23e0f081c95d5e236ae38911461
Mandriva Linux Security Advisory 2013-246 - The BrokerFactory functionality in Apache OpenJPA before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
4c55eb37a5c44844f39ac7313f686937c8667264af98281b9744075ef79ef28c
Red Hat Security Advisory 2013-1185-01 - Red Hat JBoss Fuse 6.0.0, based on Apache ServiceMix, provides an integration platform. Red Hat JBoss Fuse 6.0.0 patch 2 is an update to Red Hat JBoss Fuse 6.0.0 and includes bug fixes.
0939186bded3bc21379c4815dec6ff27fa7ec3cd68880f3f51e0f782423a24ac
Deserialization of a maliciously crafted Apache OpenJPA object can result in an executable file being written to the file system. An attacker needs to discover an unprotected server program to exploit the vulnerability. It then needs to exploit another unprotected server program to execute the file and gain access to the system. OpenJPA usage by itself does not introduce the vulnerability.
32303c32cb83248176a31128df26e37e6c705dd40e339118c8a2a427536a4fa1