CVE-2016-4978
7.2 HIGH
The getObject method of the javax.jms.ObjectMessage class in the (1) JMS Core client, (2) Artemis broker, and (3) Artemis REST component ...
Published: 2016-09-27 · Last updated: 2026-06-15
Severity and scoring
- CVSS: 7.2 HIGH
- Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- CWE: CWE-502 (Deserialization of Untrusted Data)
Affected products
| Vendor | Product |
|---|---|
| apache | artemis |
| redhat | artemis, jboss_enterprise_application_platform |
Description
The getObject method of the javax.jms.ObjectMessage class in the (1) JMS Core client, (2) Artemis broker, and (3) Artemis REST component in Apache ActiveMQ Artemis before 1.4.0 might allow remote authenticated users with permission to send messages to the Artemis broker to deserialize arbitrary objects and execute arbitrary code by leveraging gadget classes being present on the Artemis classpath.
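Two things are worth making explicit for a practitioner. First, the deserialization happens in whichever JVM calls getObject(): a consumer built on the JMS Core client, or the broker or REST component when they unpack the body themselves, so a patched broker does not protect an unpatched consumer. Second, the PR:H in the vector reflects that the attacker only needs a credential with send permission on a queue or topic, which in many deployments is granted to every application user. The pattern below is an added example for this page, not code from the Artemis project or the advisory. The Order class, queue name, broker host and environment variable are hypothetical; the deserializationWhiteList / deserializationBlackList connection-factory URL parameters are the ones documented for Artemis 1.4.0 and later (check the names against your client version, as newer releases also accept allow/deny spellings), and the jdk.serialFilter property is the JVM-wide JEP 290 filter available on Java 9+ and 8u121+.

```java
// Added example, not part of the Artemis code base or the advisory.
// Assumes the JMS 2.0 API and the Artemis JMS client on the classpath.
package com.example.orders;

import java.io.Serializable;
import javax.jms.Connection;
import javax.jms.ConnectionFactory;
import javax.jms.JMSException;
import javax.jms.Message;
import javax.jms.MessageListener;
import javax.jms.ObjectMessage;
import javax.jms.Session;
import javax.jms.TextMessage;
import org.apache.activemq.artemis.jms.client.ActiveMQConnectionFactory;

public class ObjectMessageHardening {

    /** Hypothetical application payload used by this example. */
    public static final class Order implements Serializable {
        private static final long serialVersionUID = 1L;
        public final String id;
        public final int qty;
        public Order(String id, int qty) { this.id = id; this.qty = qty; }

        /** Parse "id=ORD-1;qty=3" from a TextMessage body: no Java serialization involved. */
        static Order fromText(String body) {
            String id = null;
            int qty = -1;
            for (String kv : body.split(";")) {
                String[] p = kv.split("=", 2);
                if (p.length != 2) throw new IllegalArgumentException("bad field: " + kv);
                if (p[0].equals("id")) id = p[1];
                else if (p[0].equals("qty")) qty = Integer.parseInt(p[1]);
                else throw new IllegalArgumentException("unknown field: " + p[0]);
            }
            if (id == null || qty < 0) throw new IllegalArgumentException("missing id/qty");
            return new Order(id, qty);
        }
    }

    // VULNERABLE (the CVE-2016-4978 pattern): any producer with send permission controls the
    // serialized bytes that getObject() hands to ObjectInputStream. If a gadget chain is on this
    // JVM's classpath, attacker code runs during deserialization, before any type check.
    static Object handleUnsafe(Message msg) throws JMSException {
        if (msg instanceof ObjectMessage) {
            return ((ObjectMessage) msg).getObject();
        }
        return null;
    }

    // HARDENED: prefer a text body parsed by a purpose-built parser. If ObjectMessage cannot be
    // removed, the class allow list on the connection factory (see hardenedFactory) is the real
    // control; the instanceof check after getObject() runs too late to stop a gadget chain.
    static Order handleSafe(Message msg) throws JMSException {
        if (msg instanceof TextMessage) {
            return Order.fromText(((TextMessage) msg).getText());
        }
        if (msg instanceof ObjectMessage) {
            Serializable body = ((ObjectMessage) msg).getObject();
            if (!(body instanceof Order)) {
                throw new JMSException("unexpected ObjectMessage body: " + body.getClass().getName());
            }
            return (Order) body;
        }
        throw new JMSException("unsupported message type: " + msg.getClass().getName());
    }

    // Artemis 1.4.0+ lets the consumer restrict which classes getObject() may resolve.
    // Only com.example.orders (the package of Order) is allowed; the deny entry is belt and
    // braces for a well-known gadget package. Parameter names per the Artemis documentation.
    static ConnectionFactory hardenedFactory() {
        String url = "tcp://broker.example.internal:61616"
                + "?deserializationWhiteList=com.example.orders"
                + "&deserializationBlackList=org.apache.commons.collections";
        return new ActiveMQConnectionFactory(url);
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical credential source; the JVM should additionally be started with
        // -Djdk.serialFilter='com.example.orders.*;!*' so the limit holds outside the JMS client too.
        try (Connection conn = hardenedFactory().createConnection("consumer", System.getenv("ARTEMIS_PASSWORD"))) {
            Session session = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
            session.createConsumer(session.createQueue("orders")).setMessageListener(new MessageListener() {
                @Override
                public void onMessage(Message msg) {
                    try {
                        Order o = handleSafe(msg);
                        System.out.println("order " + o.id + " x" + o.qty);
                    } catch (Exception e) {
                        System.err.println("rejected message: " + e);
                    }
                }
            });
            conn.start();
            Thread.sleep(Long.MAX_VALUE); // keep consuming
        }
    }
}
```

The factory-level list only protects this consumer's JVM; the broker and the Artemis REST component deserialize in their own processes and need the 1.4.0 (or vendor-patched, per the RHSA references below) code. An inventory check is cheap: any process whose classpath holds an Artemis client or broker jar older than 1.4.0 and that can receive an ObjectMessage from a non-administrative producer is in scope.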
Source: NVD
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2016-4978
- [Vendor advisory] http://mail-archives.apache.org/mod_mbox/activemq-users/201609.mbox/%3CCAH6wpnqzeNtpykT7emtDU1-GV7AvjFP5-YroWcCC4UZyQEFvtA%40mail.gmail.com%3E
- [Other] http://www.securityfocus.com/bid/93142
- [Other] https://access.redhat.com/errata/RHSA-2017:1834
- [Other] https://access.redhat.com/errata/RHSA-2017:1835
- [Other] https://access.redhat.com/errata/RHSA-2017:1836
- [Other] https://access.redhat.com/errata/RHSA-2017:1837
- [Other] https://access.redhat.com/errata/RHSA-2017:3454
- [Other] https://access.redhat.com/errata/RHSA-2017:3455
- [Other] https://access.redhat.com/errata/RHSA-2017:3456
- [Other] https://access.redhat.com/errata/RHSA-2017:3458
- [Other] https://access.redhat.com/errata/RHSA-2018:1447
- [Other] https://access.redhat.com/errata/RHSA-2018:1448
- [Other] https://access.redhat.com/errata/RHSA-2018:1449
- [Other] https://access.redhat.com/errata/RHSA-2018:1450
- [Other] https://access.redhat.com/errata/RHSA-2018:1451
- [Other] https://lists.apache.org/thread.html/7260bd0955c12aac5bd892039d3356ba3aa0ff4caaf2aa4fd4fe84a2%40%3Cissues.activemq.apache.org%3E
- [Other] https://lists.apache.org/thread.html/d4ffbc6a43a915324a394b2913ceb7d07bc352f2d08caa19df0aff02%40%3Cissues.activemq.apache.org%3E
- [Other] https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E
- [Other] https://lists.apache.org/thread.html/rc96ad63f148f784c84ea7f0a178c84a8985c6afccabbcd9847a82088%40%3Ccommits.activemq.apache.org%3E
- [Other] https://www.blackhat.com/docs/us-16/materials/us-16-Kaiser-Pwning-Your-Java-Messaging-With-Deserialization-Vulnerabilities.pdf