1022 matches found
[SECURITY] [DSA 3403-1] libcommons-collections3-java security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3403-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 24, 2015 https://www.debian.org/security/faq -...
apache-commons-collections: InvokerTransformer code execution during deserialisation
It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections...
Critical: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform security update
Updated packages for the Apache commons-collections library, which fix one security issue, are now available for Red Hat JBoss Enterprise Application Platform 5.2, 5.1.2, and 4.3.10. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring...
RHEL 5 / 6 / 7 : JBoss EAP (RHSA-2015:2500)
Updated packages for the Apache commons-collections library for Red Hat JBoss Enterprise Application Platform 6.4, which fix one security issue, are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. A Common...
IBM WebSphere Application Server Remote Code Execution Vulnerability
WebSphere is IBM's integrated software platform. IBM WebSphere Application Server is affected by an Apache Commons Collections remote code execution vulnerability that stems from data deserialization via constructs in the Java InvokerTransformer class. An attacker can exploit this vulnerability t...
Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
Apache Commons Collections extends or adds to the Java collections framework and is a component of Commons Proper. This component is a library of reusable Java components. A remote code execution vulnerability exists in Apache Commons Collections 'InvokerTransformer.java'. A remote attacker is...
Oracle WebLogic Java Object Deserialization RCE
The remote Oracle WebLogic server is affected by a remote code execution vulnerability in the WLS Security component due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections ACC library. An unauthenticated, remote attacker can exploit this to execute...
apache-commons-collections: InvokerTransformer code execution during deserialisation
It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections...
Critical: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4 security update
Updated packages for the Apache commons-collections library for Red Hat JBoss Enterprise Application Platform 6.4, which fix one security issue, are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. A Common...
apache-commons-collections: InvokerTransformer code execution during deserialisation
It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections...
Critical: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform security update
Updated packages for the Apache commons-collections library, which fix one security issue, are now available for Red Hat JBoss Enterprise Application Platform 6.1, 6.2, 6.3, and 6.4. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring...
apache-commons-collections: InvokerTransformer code execution during deserialisation
It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections...
Critical: Red Hat Security Advisory: Red Hat JBoss Data Grid 6.4.1 and 6.5.1 commons-collections security update
An updated package for the apache commons-collections library, fixing one security issue, is now available for Red Hat JBoss Data Grid 6.4.1 and 6.5.1 from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scorin...
Jenkins Apache Commons Java Collections Library Remote Code Execution
A remote code execution vulnerability has been reported in the Apache Commons Java Collections Framework. A remote unauthenticated attacker may exploit this vulnerability by sending a crafted serialized object to an application which uses the Apache Commons Java Collections Framework as part of i...
WebLogic Apache Commons Java Collections Library Remote Code Execution (CVE-2015-4852)
A remote code execution vulnerability has been reported in the Apache Commons Java Collections Framework. A remote unauthenticated attacker may exploit this vulnerability by sending a crafted serialized object to an application which uses the Apache Commons Java Collections Framework as part of i...
WebSphere Server and JBoss Platform Apache Commons Collections Remote Code Execution (CVE-2015-7501)
A remote code execution vulnerability has been reported in the Apache Commons Java Collections Framework. A remote unauthenticated attacker may exploit this vulnerability by sending a crafted serialized object to an application which uses the Apache Commons Java Collections Framework as part of i...
Jenkins < 1.638 / 1.625.2 Java Object Deserialization RCE
The remote web server hosts a version of Jenkins or Jenkins Enterprise that is prior to 1.638 or 1.625.2. It is, therefore, affected by a flaw in the Apache Commons Collections ACC library that allows the deserialization of unauthenticated Java objects. An unauthenticated, remote attacker can...
WebLogic “Java 反序列化”过程远程命令执行漏洞
漏洞原理 反序列化是指特定语言中将传递的对象序列化数据重新恢复为实例对象的过程,而在这个过程中会执行一系列的字节流解析和对象实例化操作用于恢复之前序列化时的对象。在原博文所提到的那些 Java 应用里都有特定的接口用于传递序列化对象数据,而在反序列化时并没有限制实例化对象的类型,导致可以任意构造应用中已经包含的对象利用反序列化操作进行实例化。 Java 在进行反序列化操作的时候会使用 ObjectInputStream 类调用 readObject...
Apache Commons Collections Java Library Vulnerability
US-CERT is aware of a deserialization vulnerability in the Apache Commons Collections ACC Java library. Java applications that either directly use ACC, or contain ACC in their classpath, may be vulnerable to arbitrary code execution. US-CERT encourages users and administrators to review...
Apache Commons Collections Java library insecurely deserializes data
Overview The Apache Commons Collections ACC library is vulnerable to insecure deserialization of data, which may result in arbitrary code execution. Java applications that either directly use ACC, or contain ACC in their classpath, may be vulnerable to arbitrary code execution. Description CWE-50...