67 matches found
RHEL 6 / 7 : rh-java-common-apache-commons-collections (RHSA-2015:2523)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2015:2523 advisory. The Apache Commons Collections library provides new interfaces, implementations, and utilities to extend the features of the Java Collections...
CVE-2015-7501
creationtimestamp| type| source ---|---|--- 2023-12-08 13:11:12+00:00| seen| https://t.me/arpsyndicate/1566 2023-12-11 14:17:52+00:00| seen| https://t.me/arpsyndicate/1752 2024-02-16 15:31:43+00:00| seen| https://t.me/ctinow/186439 2026-02-02 12:25:26+00:00| exploited|...
Security Bulletin: IBM Sterling Global Mailbox is vulnerable to arbitrary command execution due to com.ibm.ws.org.apache.commons.collections (CVE-2015-7501)
Summary A security vulnerability has been identified and addressed in com.ibm.ws.org.apache.commons.collections.3.2.1-1.0.9.jar shipped with IBM Sterling Global Mailbox. Vulnerability Details CVEID:CVE-2015-7501 DESCRIPTION: Red Hat JBoss A-MQ 6.x; BPM Suite BPMS 6.x; BRMS 6.x and 5.x; Data Grid...
RHEL 7 : rh-maven35-apache-commons-collections4 (RHSA-2020:4274)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:4274 advisory. The Apache Commons Collections library provides new interfaces, implementations, and utilities to extend the features of the Java Collections...
org.opendaylight.bier:bier-karaf (=0.3.4), org.opendaylight.bier:features-bier (=0.3.4) +10 more potentially affected by CVE-2015-7501 via org.apache.servicemix.bundles:org.apache.servicemix.bundles.collections-generic (=4.01_1)
org.apache.servicemix.bundles:org.apache.servicemix.bundles.collections-generic MAVEN version =4.011 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.servicemix.bundles:org.apache.servicemix.bundles.collections-generic and may be impacted: -...
be.ordina:microservices-dashboard-server (=1.0.1), br.com.ingenieux:apigateway-maven-plugin (>=1.5.1 <=1.5.6) +1495 more potentially affected by CVE-2015-7501 via org.apache.commons:commons-collections4 (=4.0)
org.apache.commons:commons-collections4 MAVEN version =4.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.commons:commons-collections4 and may be impacted: - be.ordina:microservices-dashboard-server =1.0.1 -...
net.osgiliath.framework:net.osgiliath.features.karaf-features-full (>=0.0.1 <=0.0.3), net.osgiliath.framework:net.osgiliath.features.karaf-features-jpa (>=0.0.1 <=0.0.3) +48 more potentially affected by CVE-2015-7501 via org.apache.servicemix.bundles:org.apache.servicemix.bundles.commons-collections (>=3.2.1_1 <=3.2.1_3)
org.apache.servicemix.bundles:org.apache.servicemix.bundles.commons-collections MAVEN version =3.2.11, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =2.2.0, =1.0.2, =1.0.8 - org.frie...
CentOS: Security Advisory for jakarta-commons-collections (CESA-2015:2671)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Exploit for Deserialization of Untrusted Data in Redhat Data_Grid
This repository contains a collection of Python scripts for exploiting Java deserialization vulnerabilities in various applications, including Cisco Prime Infrastructure, JBoss, Jenkins, and OpenNMS. The scripts use the ysoserial tool to generate the payload. The scripts can be categorized into...
Important: Red Hat Security Advisory: rh-maven35-apache-commons-collections4 security update
An update for rh-maven35-apache-commons-collections4 is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
RHEL 6 : Red Hat OpenShift Enterprise 2.2.10 (RHSA-2016:1773)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:1773 advisory. OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service PaaS solution designed for on-premise or private clou...
Juniper Junos Space < 17.2R1 Multiple Vulnerabilities (JSA10838)
According to its self-reported version number, the remote Junos Space version is prior to 17.2R1. It is, therefore, affected by multiple vulnerabilities. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid108520; scriptversion"1.8";...
Oracle iPlanet Web Server 7.0.x < 7.0.27 NSS Unspecified Vulnerability (January 2018 CPU)
According to its self-reported version, the Oracle iPlanet Web Server formerly known as Sun Java System Web Server running on the remote host is 7.0.x prior to 7.0.27 Patch 26834070. It is, therefore, affected by an unspecified vulnerability in the Network Security Services NSS library with unkno...
Immunity Canvas: JBOSS6_JMXINVOKERSERVLET_DESERIALIZE
Name| jboss6jmxinvokerservletdeserialize ---|--- CVE| CVE-2015-7501 Exploit Pack| CANVAS Description| jboss6jmxinvokerservletdeserialize Notes| CVE Name: CVE-2015-7501 VENDOR: Red Hat NOTES: IMPORTANT NOTE: Any instance of this application running Apache Commons Collections version prior to 3.0...
UBUNTU-CVE-2015-7501
Red Hat JBoss A-MQ 6.x; BPM Suite BPMS 6.x; BRMS 6.x and 5.x; Data Grid JDG 6.x; Data Virtualization JDV 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works FSW 6.x; Operations Network JBoss ON 3.x; Portal 6.x; SOA Platform SOA-P 5.x; Web Server JWS 3.x;...
CVE-2015-7501
Red Hat JBoss A-MQ 6.x; BPM Suite BPMS 6.x; BRMS 6.x and 5.x; Data Grid JDG 6.x; Data Virtualization JDV 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works FSW 6.x; Operations Network JBoss ON 3.x; Portal 6.x; SOA Platform SOA-P 5.x; Web Server JWS 3.x;...
CVE-2015-7501
Red Hat JBoss A-MQ 6.x; BPM Suite BPMS 6.x; BRMS 6.x and 5.x; Data Grid JDG 6.x; Data Virtualization JDV 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works FSW 6.x; Operations Network JBoss ON 3.x; Portal 6.x; SOA Platform SOA-P 5.x; Web Server JWS 3.x;...
MySQL Enterprise Monitor 3.1.x < 3.1.6.7959 Java Object Deserialization RCE (January 2017 CPU)
According to its self-reported version, the MySQL Enterprise Monitor application running on the remote host is 3.1.x prior to 3.1.6.7959. It is, therefore, affected by a remote code execution vulnerability in the JMXInvokerServlet interface due to improper validation of Java objects before...
Red Hat JBoss Products RMI Java Deserialization Vulnerability (Nov 2015) - Active Check
Red Hat JBoss products are prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle Application Testing Suite Java Object Deserialization RCE (April 2016 CPU)
The version of Oracle Application Testing Suite installed on the remote host is affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections ACC library. An unauthenticated, remote attacker can exploit this, by...