Lucene search
K

1022 matches found

Debian
Debian
added 2015/11/24 9:27 p.m.20 views

[SECURITY] [DSA 3403-1] libcommons-collections3-java security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3403-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 24, 2015 https://www.debian.org/security/faq -...

6.7AI score
Exploits0
RedHat Linux
RedHat Linux
added 2015/11/24 6:3 p.m.8 views

apache-commons-collections: InvokerTransformer code execution during deserialisation

It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections...

10CVSS8AI score0.83274EPSS
Exploits8References6
RedHat Linux
RedHat Linux
added 2015/11/24 6:3 p.m.46 views

Critical: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform security update

Updated packages for the Apache commons-collections library, which fix one security issue, are now available for Red Hat JBoss Enterprise Application Platform 5.2, 5.1.2, and 4.3.10. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring...

10CVSS6.7AI score0.83274EPSS
Exploits8References6
Tenable Nessus
Tenable Nessus
added 2015/11/24 12:0 a.m.59 views

RHEL 5 / 6 / 7 : JBoss EAP (RHSA-2015:2500)

Updated packages for the Apache commons-collections library for Red Hat JBoss Enterprise Application Platform 6.4, which fix one security issue, are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. A Common...

10CVSS7.5AI score0.83274EPSS
Exploits8References4
CNVD
CNVD
added 2015/11/23 12:0 a.m.4 views

IBM WebSphere Application Server Remote Code Execution Vulnerability

WebSphere is IBM's integrated software platform. IBM WebSphere Application Server is affected by an Apache Commons Collections remote code execution vulnerability that stems from data deserialization via constructs in the Java InvokerTransformer class. An attacker can exploit this vulnerability t...

10CVSS8.4AI score0.97655EPSS
Exploits10References1
CNVD
CNVD
added 2015/11/23 12:0 a.m.3 views

Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability

Apache Commons Collections extends or adds to the Java collections framework and is a component of Commons Proper. This component is a library of reusable Java components. A remote code execution vulnerability exists in Apache Commons Collections 'InvokerTransformer.java'. A remote attacker is...

8.5AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2015/11/23 12:0 a.m.1765 views

Oracle WebLogic Java Object Deserialization RCE

The remote Oracle WebLogic server is affected by a remote code execution vulnerability in the WLS Security component due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections ACC library. An unauthenticated, remote attacker can exploit this to execute...

9.8CVSS8.6AI score0.96032EPSS
Exploits17References3
RedHat Linux
RedHat Linux
added 2015/11/20 7:17 p.m.4 views

apache-commons-collections: InvokerTransformer code execution during deserialisation

It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections...

10CVSS8AI score0.83274EPSS
Exploits8References6
RedHat Linux
RedHat Linux
added 2015/11/20 7:17 p.m.55 views

Critical: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4 security update

Updated packages for the Apache commons-collections library for Red Hat JBoss Enterprise Application Platform 6.4, which fix one security issue, are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. A Common...

10CVSS6.7AI score0.83274EPSS
Exploits8References3
RedHat Linux
RedHat Linux
added 2015/11/20 6:31 p.m.6 views

apache-commons-collections: InvokerTransformer code execution during deserialisation

It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections...

10CVSS8AI score0.83274EPSS
Exploits8References6
RedHat Linux
RedHat Linux
added 2015/11/20 6:31 p.m.48 views

Critical: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform security update

Updated packages for the Apache commons-collections library, which fix one security issue, are now available for Red Hat JBoss Enterprise Application Platform 6.1, 6.2, 6.3, and 6.4. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring...

10CVSS6.7AI score0.83274EPSS
Exploits8References7
RedHat Linux
RedHat Linux
added 2015/11/20 6:30 p.m.6 views

apache-commons-collections: InvokerTransformer code execution during deserialisation

It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections...

10CVSS8AI score0.83274EPSS
Exploits8References6
RedHat Linux
RedHat Linux
added 2015/11/20 6:30 p.m.36 views

Critical: Red Hat Security Advisory: Red Hat JBoss Data Grid 6.4.1 and 6.5.1 commons-collections security update

An updated package for the apache commons-collections library, fixing one security issue, is now available for Red Hat JBoss Data Grid 6.4.1 and 6.5.1 from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scorin...

10CVSS6.7AI score0.83274EPSS
Exploits8References5
Check Point Advisories
Check Point Advisories
added 2015/11/19 12:0 a.m.1 views

Jenkins Apache Commons Java Collections Library Remote Code Execution

A remote code execution vulnerability has been reported in the Apache Commons Java Collections Framework. A remote unauthenticated attacker may exploit this vulnerability by sending a crafted serialized object to an application which uses the Apache Commons Java Collections Framework as part of i...

4.1AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2015/11/19 12:0 a.m.7 views

WebLogic Apache Commons Java Collections Library Remote Code Execution (CVE-2015-4852)

A remote code execution vulnerability has been reported in the Apache Commons Java Collections Framework. A remote unauthenticated attacker may exploit this vulnerability by sending a crafted serialized object to an application which uses the Apache Commons Java Collections Framework as part of i...

7.5CVSS4.1AI score0.96032EPSS
Exploits17
Check Point Advisories
Check Point Advisories
added 2015/11/17 12:0 a.m.10 views

WebSphere Server and JBoss Platform Apache Commons Collections Remote Code Execution (CVE-2015-7501)

A remote code execution vulnerability has been reported in the Apache Commons Java Collections Framework. A remote unauthenticated attacker may exploit this vulnerability by sending a crafted serialized object to an application which uses the Apache Commons Java Collections Framework as part of i...

10CVSS4.1AI score0.83274EPSS
Exploits8
Tenable Nessus
Tenable Nessus
added 2015/11/17 12:0 a.m.175 views

Jenkins < 1.638 / 1.625.2 Java Object Deserialization RCE

The remote web server hosts a version of Jenkins or Jenkins Enterprise that is prior to 1.638 or 1.625.2. It is, therefore, affected by a flaw in the Apache Commons Collections ACC library that allows the deserialization of unauthenticated Java objects. An unauthenticated, remote attacker can...

9.8CVSS8.8AI score0.86829EPSS
Exploits12References5
seebug.org
seebug.org
added 2015/11/14 12:0 a.m.35 views

WebLogic “Java 反序列化”过程远程命令执行漏洞

漏洞原理 反序列化是指特定语言中将传递的对象序列化数据重新恢复为实例对象的过程,而在这个过程中会执行一系列的字节流解析和对象实例化操作用于恢复之前序列化时的对象。在原博文所提到的那些 Java 应用里都有特定的接口用于传递序列化对象数据,而在反序列化时并没有限制实例化对象的类型,导致可以任意构造应用中已经包含的对象利用反序列化操作进行实例化。 Java 在进行反序列化操作的时候会使用 ObjectInputStream 类调用 readObject...

7AI score
Exploits0
CISA
CISA
added 2015/11/13 12:0 a.m.16 views

Apache Commons Collections Java Library Vulnerability

US-CERT is aware of a deserialization vulnerability in the Apache Commons Collections ACC Java library. Java applications that either directly use ACC, or contain ACC in their classpath, may be vulnerable to arbitrary code execution. US-CERT encourages users and administrators to review...

7.2AI score
Exploits0References1
CERT
CERT
added 2015/11/13 12:0 a.m.422 views

Apache Commons Collections Java library insecurely deserializes data

Overview The Apache Commons Collections ACC library is vulnerable to insecure deserialization of data, which may result in arbitrary code execution. Java applications that either directly use ACC, or contain ACC in their classpath, may be vulnerable to arbitrary code execution. Description CWE-50...

9.8CVSS8.8AI score0.18763EPSS
Exploits1References18
Rows per page
Query Builder