It was discovered that Apache Commons Collections allowed serialization
support for unsafe classes by default. A remote attacker could possibly
use this issue to execute arbitrary code.

References

ubuntu.com/security/CVE-2015-4852

ubuntu.com/security/notices/USN-6936-1

nessus 4

cisa_kev 1

cvelist 1

exploitdb 3

nvd 1

openvas 4

prion 1

saint 4

zdt 3

checkpoint_advisories 1

f5 2

cve 1

packetstorm 2

exploitpack 1

ubuntu 1

metasploit 1

attackerkb 1

canvas 1

ubuntucve 1

myhack58 1

ibm 9

osv 1

veracode 1

githubexploit 3

cert 1

kitploit 1

threatpost 1

qualysblog 2

ics 1

impervablog 1

oracle 5

nessus

Ubuntu 14.04 LTS : Apache Commons Collections vulnerability (USN-6936-1)

2024-08-01 00:00:00

F5 Networks BIG-IP : Java commons-collections library vulnerability (K30518307)

2015-12-17 00:00:00

Oracle WebLogic Java Object Deserialization RCE

2015-11-23 00:00:00

cisa_kev

Oracle WebLogic Server Deserialization of Untrusted Data Vulnerability

2021-11-03 00:00:00

cvelist

CVE-2015-4852

2015-11-18 15:00:00

exploitdb

Oracle WebLogic Server 10.3.6.0 - Java Deserialization Remote Code Execution

2017-09-27 00:00:00

Websphere/JBoss/OpenNMS/Symantec Endpoint Protection Manager - Java Deserialization Remote Code Execution

2016-07-20 00:00:00

Oracle Weblogic Server Deserialization RCE - Raw Object (Metasploit)

2019-03-28 00:00:00

nvd

CVE-2015-4852

2015-11-18 15:59:00

openvas

Ubuntu: Security Advisory (USN-6936-1)

2024-08-01 00:00:00

Oracle WebLogic Server RCE Vulnerability

2015-11-17 00:00:00

Oracle WebLogic Server Java Deserialization Vulnerability

2016-07-27 00:00:00

prion

Code injection

2015-11-18 15:59:00

saint

Oracle WebLogic Apache Commons library deserialization vulnerability

2015-11-20 00:00:00

Oracle WebLogic Apache Commons library deserialization vulnerability

2015-11-20 00:00:00

Oracle WebLogic Apache Commons library deserialization vulnerability

2015-11-20 00:00:00

zdt

Oracle Weblogic Server Deserialization Remote Code Execution Exploit

2019-03-27 00:00:00

Websphere / JBoss / OpenNMS / Symantec - Java Deserialization Remote Code Execution

2018-04-29 00:00:00

Oracle WebLogic Server 10.3.6.0 - Java Deserialization Exploit

2017-09-28 00:00:00

checkpoint_advisories

WebLogic Apache Commons Java Collections Library Remote Code Execution (CVE-2015-4852)

2015-11-19 00:00:00

SOL30518307 - Java commons-collections library vulnerability CVE-2015-4852

2015-12-15 00:00:00

K30518307 : Java commons-collections library vulnerability CVE-2015-4852

2015-12-15 00:00:00

cve

CVE-2015-4852

2015-11-18 15:59:00

packetstorm

Oracle WebLogic Server Java Deserialization Remote Code Execution

2017-09-29 00:00:00

Oracle Weblogic Server Deserialization Remote Code Execution

2019-03-27 00:00:00

exploitpack

Oracle WebLogic Server 10.3.6.0 - Java Deserialization Remote Code Execution

2017-09-27 00:00:00

ubuntu

Apache Commons Collections vulnerability

2024-07-31 00:00:00

metasploit

Oracle Weblogic Server Deserialization RCE - Raw Object

2018-12-16 02:26:34

attackerkb

CVE-2015-4852

2015-11-18 00:00:00

canvas

Immunity Canvas: WEBLOGIC_T3_DESERIALIZATION

2017-11-09 17:29:00

ubuntucve

CVE-2015-4852

2015-11-18 00:00:00

myhack58

The use of server vulnerability mining black production case study-vulnerability warning-the black bar safety net

2017-03-15 00:00:00

ibm

Security Bulletin: Multiple vulnerabilities of Apache common collections (commons-collections-3.2.jar) have affected APM WebSphere Application Server Agent

2023-07-17 06:26:40

Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in Apache Commons Collections

2024-06-05 07:14:06

Security Bulletin: IBM Jazz for Service Management (JazzSM) is affected with multiple vulnerabilities (CVE-2015-4852, CVE-2015-6420, CVE-2017-15708)

2020-10-20 11:33:26

osv

apache-commons-beanutils-1.9.4-3.7 on GA media

2024-06-15 00:00:00

veracode

Potential Remote Code Execution Via Java Object Deserialization

2015-11-09 19:34:22

githubexploit

Exploit for Command Injection in Oracle Virtual Desktop Infrastructure

2020-08-10 09:17:04

Exploit for CVE-2014-4210

2022-03-19 01:54:15

Exploit for CVE-2014-4210

2022-03-19 01:54:15

cert

Apache Commons Collections Java library insecurely deserializes data

2015-11-13 00:00:00

kitploit

Jok3R - Network And Web Pentest Framework

2019-01-23 12:25:00

threatpost

Bug Parade: NSA Warns on Cresting China-Backed Cyberattacks

2020-10-21 20:31:17

qualysblog

NSA Alert: Chinese State-Sponsored Actors Exploit Known Vulnerabilities

2020-10-22 23:10:29

Managing CISA Known Exploited Vulnerabilities with Qualys VMDR

2022-02-23 05:39:00

ics

Potential for China Cyber Response to Heightened U.S.–China Tensions

2020-10-20 12:00:00

impervablog

Deserialization Attacks Surge Motivated by Illegal Crypto-mining

2018-01-24 17:45:08

oracle

Oracle Critical Patch Update - January 2018

2018-01-16 00:00:00

Oracle Critical Patch Update - October 2016

2016-10-18 00:00:00

Oracle Critical Patch Update - January 2016

2016-01-19 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

Low

JSON

Related for OSV:USN-6936-1