Lucene search
UbuntuUSN-6936-1HistoryJul 31, 2024 - 12:00 a.m.
Apache Commons Collections vulnerability
2024-07-3100:00:00
ubuntu.com
7
apache commons collections
serialization support
remote code execution
ubuntu 14.04 esm
libcommons-collections3-java
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
8.1
Confidence
Low
Releases
- Ubuntu 14.04 ESM
Packages
- libcommons-collections3-java - Apache Commons Collections - Extended Collections API for Java
Details
It was discovered that Apache Commons Collections allowed serialization
support for unsafe classes by default. A remote attacker could possibly
use this issue to execute arbitrary code.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 14.04 | noarch | libcommons-collections3-java | <ย 3.2.1-6ubuntu0.1~esm1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | libcommons-collections3-java | <ย 3.2.1-6 | UNKNOWN |
| Ubuntu | 14.04 | noarch | libcommons-collections3-java-doc | <ย 3.2.1-6 | UNKNOWN |
References
Related
nessus
nessus
Ubuntu 14.04 LTS : Apache Commons Collections vulnerability (USN-6936-1)
2024-08-01 00:00:00
Oracle WebLogic Java Object Deserialization RCE
2015-11-23 00:00:00
cisa_kev
cisa_kev
Oracle WebLogic Server Deserialization of Untrusted Data Vulnerability
2021-11-03 00:00:00
cvelist
cvelist
CVE-2015-4852
2015-11-18 15:00:00
exploitdb
exploitdb
Oracle WebLogic Server 10.3.6.0 - Java Deserialization Remote Code Execution
2017-09-27 00:00:00
Oracle Weblogic Server Deserialization RCE - Raw Object (Metasploit)
2019-03-28 00:00:00
nvd
nvd
CVE-2015-4852
2015-11-18 15:59:00
openvas
openvas
Ubuntu: Security Advisory (USN-6936-1)
2024-08-01 00:00:00
Oracle WebLogic Server RCE Vulnerability
2015-11-17 00:00:00
Oracle WebLogic Server Java Deserialization Vulnerability
2016-07-27 00:00:00
prion
prion
Code injection
2015-11-18 15:59:00
saint
saint
Oracle WebLogic Apache Commons library deserialization vulnerability
2015-11-20 00:00:00
Oracle WebLogic Apache Commons library deserialization vulnerability
2015-11-20 00:00:00
Oracle WebLogic Apache Commons library deserialization vulnerability
2015-11-20 00:00:00
zdt
zdt
Oracle Weblogic Server Deserialization Remote Code Execution Exploit
2019-03-27 00:00:00
Websphere / JBoss / OpenNMS / Symantec - Java Deserialization Remote Code Execution
2018-04-29 00:00:00
Oracle WebLogic Server 10.3.6.0 - Java Deserialization Exploit
2017-09-28 00:00:00
packetstorm
packetstorm
Oracle WebLogic Server Java Deserialization Remote Code Execution
2017-09-29 00:00:00
Oracle Weblogic Server Deserialization Remote Code Execution
2019-03-27 00:00:00
f5
f5
K30518307 : Java commons-collections library vulnerability CVE-2015-4852
2015-12-15 00:00:00
SOL30518307 - Java commons-collections library vulnerability CVE-2015-4852
2015-12-15 00:00:00
osv
osv
libcommons-collections3-java vulnerability
2024-07-31 18:33:13
apache-commons-beanutils-1.9.4-3.7 on GA media
2024-06-15 00:00:00
exploitpack
exploitpack
Oracle WebLogic Server 10.3.6.0 - Java Deserialization Remote Code Execution
2017-09-27 00:00:00
checkpoint_advisories
checkpoint_advisories
cve
cve
CVE-2015-4852
2015-11-18 15:59:00
metasploit
metasploit
Oracle Weblogic Server Deserialization RCE - Raw Object
2018-12-16 02:26:34
attackerkb
attackerkb
CVE-2015-4852
2015-11-18 00:00:00
canvas
canvas
Immunity Canvas: WEBLOGIC_T3_DESERIALIZATION
2017-11-09 17:29:00
ubuntucve
ubuntucve
CVE-2015-4852
2015-11-18 00:00:00
myhack58
myhack58
ibm
ibm
Security Bulletin: Multiple vulnerabilities of Apache common collections (commons-collections-3.2.jar) have affected APM WebSphere Application Server Agent
2023-07-17 06:26:40
veracode
veracode
Potential Remote Code Execution Via Java Object Deserialization
2015-11-09 19:34:22
githubexploit
githubexploit
Exploit for Command Injection in Oracle Virtual Desktop Infrastructure
2020-08-10 09:17:04
Exploit for CVE-2014-4210
2022-03-19 01:54:15
Exploit for CVE-2014-4210
2022-03-19 01:54:15
cert
cert
Apache Commons Collections Java library insecurely deserializes data
2015-11-13 00:00:00
kitploit
kitploit
Jok3R - Network And Web Pentest Framework
2019-01-23 12:25:00
threatpost
threatpost
Bug Parade: NSA Warns on Cresting China-Backed Cyberattacks
2020-10-21 20:31:17
qualysblog
qualysblog
NSA Alert: Chinese State-Sponsored Actors Exploit Known Vulnerabilities
2020-10-22 23:10:29
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR
2022-02-23 05:39:00
ics
ics
Potential for China Cyber Response to Heightened U.S.โChina Tensions
2020-10-20 12:00:00
impervablog
impervablog
Deserialization Attacks Surge Motivated by Illegal Crypto-mining
2018-01-24 17:45:08
oracle
oracle
Oracle Critical Patch Update - January 2018
2018-01-16 00:00:00
Oracle Critical Patch Update - October 2016
2016-10-18 00:00:00
Oracle Critical Patch Update - January 2016
2016-01-19 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
8.1
Confidence
Low
Related for USN-6936-1