OpenShift Enterprise by Red Hat is the company’s cloud computing
Platform-as-a-Service (PaaS) solution designed for on-premise or
private cloud deployments.

The following security issue is addressed with this release:

It was found that ActiveMQ did not safely handle user supplied data
when deserializing objects. A remote attacker could use this flaw to
execute arbitrary code with the permissions of the ActiveMQ
application. (CVE-2015-5254)

An update for Jenkins Continuous Integration Server that addresses a
large number of security issues including XSS, CSRF, information
disclosure and code execution have been addressed as well.
(CVE-2015-5317, CVE-2015-5318, CVE-2015-5319, CVE-2015-5320,
CVE-2015-5321, CVE-2015-5322, CVE-2015-5323, CVE-2015-5324,
CVE-2015-5325, CVE-2015-5326, CVE-2015-7537, CVE-2015-7538,
CVE-2015-7539, CVE-2015-8103)

Space precludes documenting all of the bug fixes in this advisory. See
the OpenShift Enterprise Technical Notes, which will be updated
shortly for release 2.2.9, for details about these changes:

https://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/Technical_Notes/index.html

All OpenShift Enterprise 2 users are advised to upgrade to these
updated packages.

redhat 4

nessus 15

openvas 11

fedora 9

archlinux 1

freebsd 2

veracode 17

ubuntucve 15

cve 16

prion 16

checkpoint_advisories 2

osv 5

github 3

zdt 1

metasploit 1

mageia 1

canvas 1

packetstorm 1

ibm 14

debian 1

attackerkb 1

cisa_kev 1

debiancve 1

exploitdb 1

pentestit 1

kitploit 1

cert 1

impervablog 1

oracle 2

redhat

(RHSA-2016:0489) Important: Red Hat OpenShift Enterprise 2.2.9 security, bug fix, and enhancement update

2016-03-22 00:00:00

(RHSA-2016:0070) Important: Red Hat OpenShift Enterprise 3.1.1 bug fix and enhancement update

2016-01-26 19:01:15

(RHSA-2016:2036) Important: Red Hat JBoss A-MQ 6.3 security update

2016-10-06 16:16:19

nessus

RHEL 6 : Red Hat OpenShift Enterprise 2.2.9 (RHSA-2016:0489)

2018-12-04 00:00:00

Fedora 23 : jenkins-1.625.2-2.fc23 / jenkins-remoting-2.53-1.fc23 (2015-d02feebd15)

2016-03-04 00:00:00

Fedora 22 : jenkins-1.609.3-4.fc22 (2015-89468612f5)

2016-03-04 00:00:00

openvas

Jenkins Multiple Vulnerabilities (Nov 2015) - Windows

2015-12-15 00:00:00

Jenkins Multiple Vulnerabilities (Nov 2015) - Linux

2016-08-05 00:00:00

Jenkins CLI Multiple Vulnerabilities

2015-11-17 00:00:00

fedora

[SECURITY] Fedora 23 Update: jenkins-remoting-2.53-1.fc23

2015-11-23 00:30:04

[SECURITY] Fedora 23 Update: jenkins-1.625.2-2.fc23

2015-11-23 00:30:04

[SECURITY] Fedora 22 Update: jenkins-1.609.3-4.fc22

2015-12-22 07:27:11

archlinux

jenkins: multiple issues

2015-11-18 00:00:00

freebsd

jenkins -- multiple vulnerabilities

2015-12-09 00:00:00

activemq -- Unsafe deserialization

2016-01-08 00:00:00

veracode

Sensitive Information Disclosure

2019-05-02 05:21:25

Cross-Site Scripting (XSS)

2019-05-02 05:21:31

Sensitive Information Disclosure

2019-05-02 05:21:20

ubuntucve

CVE-2015-7538

2016-02-03 00:00:00

CVE-2015-5324

2015-11-25 00:00:00

CVE-2015-7539

2016-02-03 00:00:00

cve

CVE-2015-7538

2016-02-03 18:59:00

CVE-2015-5326

2015-11-25 20:59:00

CVE-2015-7539

2016-02-03 18:59:00

prion

Code injection

2016-02-03 18:59:00

Cross site scripting

2015-11-25 20:59:00

Cross site request forgery (csrf)

2016-02-03 18:59:00

checkpoint_advisories

Jenkins CI Server Commons-Collections Library Insecure Deserialization (CVE-2015-8103)

2015-12-21 00:00:00

Apache ActiveMQ Plugin Remote Code Execution (CVE-2015-5254)

2019-09-09 00:00:00

osv

Jenkins CLI Deserialization of Untrusted Data vulnerability

2022-05-13 01:30:07

activemq - security update

2016-03-20 00:00:00

Improper Input Validation in Apache ActiveMQ

2022-05-13 01:30:05

github

Jenkins CLI Deserialization of Untrusted Data vulnerability

2022-05-13 01:30:07

Improper Input Validation in Apache ActiveMQ

2022-05-13 01:30:05

Apache NiFi JMS Deserialization issue

2022-05-14 03:16:19

zdt

Jenkins CLI RMI Java Deserialization Exploit

2015-12-15 00:00:00

metasploit

Jenkins CLI RMI Java Deserialization Vulnerability

2015-12-11 20:57:10

mageia

Updated apache-commons-collections packages fix CVE-2015-8103

2016-04-13 20:39:04

canvas

Immunity Canvas: JENKINS_CLI_DESERIALIZATION

2015-11-25 20:59:00

packetstorm

Jenkins CLI RMI Java Deserialization

2015-12-14 00:00:00

ibm

Security Bulletin: A vulnerability in Apache ActiveMQ affects IBM Tivoli System Automation Application Manager (CVE-2015-5254)

2018-06-17 15:18:14

Security Bulletin: Vulnerability in Apache ActiveMQ affects IBM Control Center (CVE-2015-5254)

2019-12-17 22:47:42

Security Bulletin: OpenSource Apache ActiveMQ Vulnerability identified with Jazz for Service Management (JazzSM) v1.1.3 (CVE-2015-5254)

2018-06-17 15:47:49

debian

[SECURITY] [DSA 3524-1] activemq security update

2016-03-20 22:36:09

attackerkb

CVE-2015-5317

2015-11-25 00:00:00

cisa_kev

Jenkins User Interface (UI) Information Disclosure Vulnerability

2023-05-12 00:00:00

debiancve

CVE-2015-5254

2016-01-08 19:59:00

exploitdb

Jenkins CLI - RMI Java Deserialization (Metasploit)

2015-12-15 00:00:00

pentestit

JexBoss: Java Deserialization Verification & EXploitation Tool!

2017-08-11 06:52:45

kitploit

JexBoss - JBoss (and others Java Deserialization Vulnerabilities) verify and EXploitation Tool

2017-12-18 21:12:00

cert

Apache Commons Collections Java library insecurely deserializes data

2015-11-13 00:00:00

impervablog

Deserialization Attacks Surge Motivated by Illegal Crypto-mining

2018-01-24 17:45:08

oracle

Oracle Critical Patch Update - October 2017

2017-10-17 00:00:00

Oracle Critical Patch Update Advisory - July 2017

2018-03-20 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

0.394 Low

EPSS

Percentile

96.9%

JSON

Related for RHSA-2016:22381