191 matches found

CVE
added 2016/04/07 8:0 p.m. | 177 views

CVE-2016-2510

CVE-2016-2510 is a BeanShell deserialization vulnerability: when BeanShell is on the classpath with Java serialization or XStream, crafted serialized data can lead to remote code execution via XThis.Handler. Public docs confirm impact across IBM Emptoris/Contract Management/Program Management suite...

CVSS 8.1 | AI score 8.2 | EPSS 0.39216
Exploits: 1 | References: 19 | Affected Software: 1
Cvelist
added 2016/04/07 8:0 p.m. | 24 views

CVE-2016-2510

BeanShell bsh before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler...

AI score 8.3 | EPSS 0.39216
Exploits: 1 | References: 19
CNVD
added 2016/03/31 12:0 a.m. | 1 views

Atlassian Bamboo Arbitrary Code Execution Vulnerability

Atlassian Bamboo is a set of continuous integration build tools from Atlassian Australia. A security vulnerability exists in a resource in Atlassian Bamboo versions prior to 5.9.9 and 5.10.x versions prior to 5.10.0, which can be exploited by remote attackers to execute arbitrary Java code by...

CVSS 9.8 | AI score 7.6 | EPSS 0.01194
Exploits: 0 | References: 1
Tenable Nessus
added 2016/03/28 12:0 a.m. | 52 views

FreeBSD : activemq -- Unsafe deserialization (a258604d-f2aa-11e5-b4a9-ac220bdcec59)

Alvaro Muñoz, Matthias Kaiser and Christian Schneider report: JMS Object messages depend on Java Serialization for marshaling/unmarshaling of the message payload. There are a couple of places inside the broker where deserialization can occur, like web console or stomp object message...

CVSS 9.8 | AI score 8 | EPSS 0.8038
Exploits: 4 | References: 3
OpenVAS
added 2016/03/17 12:0 a.m. | 21 views

openSUSE: Security Advisory for bsh2 (openSUSE-SU-2016:0788-1)

The remote host is missing an update for the...

CVSS 8.1 | AI score 7.6 | EPSS 0.39216
Exploits: 1 | References: 1
OPENSUSE Linux
added 2016/03/16 7:12 p.m. | 33 views

Security update for bsh2 (important)

This update for bsh2 fixes the following issues: - CVE-2016-2510: An application that includes BeanShell on the classpath may be vulnerable if another part of the application uses Java serialization or XStream to deserialize data from an untrusted source. Please see...

CVSS 6.8 | AI score 0.6 | EPSS 0.39216
Exploits: 1 | References: 1
OSV
added 2016/03/09 8:3 a.m. | 3 views

SUSE-SU-2016:0699-1 Security update for bsh2

This update for bsh2 fixes the following issue: - CVE-2016-2510: An application that includes BeanShell on the classpath may be vulnerable if another part of the application uses Java serialization or XStream to deserialize data from an untrusted source. Please see...

CVSS 8.1 | AI score 8 | EPSS 0.39216
Exploits: 1 | References: 3
OSV
added 2016/03/09 8:3 a.m. | 6 views

SUSE-SU-2016:0700-1 Security update for bsh2

This update for bsh2 fixes the following issues: - CVE-2016-2510: An application that includes BeanShell on the classpath may be vulnerable if another part of the application uses Java serialization or XStream to deserialize data from an untrusted source. Please see...

CVSS 8.1 | AI score 8 | EPSS 0.39216
Exploits: 1 | References: 3
Tenable Nessus
added 2016/02/22 12:0 a.m. | 25 views

FreeBSD : bsh -- remote code execution vulnerability (9e5bbffc-d8ac-11e5-b2bd-002590263bf5)

Stian Soiland-Reyes reports: This release fixes a remote code execution vulnerability that was identified in BeanShell by Alvaro Munoz and Christian Schneider. The BeanShell team would like to thank them for their help and contributions to this fix! An application that includes BeanShell on the...

CVSS 8.1 | AI score 8.4 | EPSS 0.39216
Exploits: 1 | References: 4
UbuntuCve
added 2016/02/19 12:0 a.m. | 31 views

CVE-2016-2510

BeanShell bsh before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler...

CVSS 8.1 | AI score 7.5 | EPSS 0.39216
Exploits: 1 | References: 3
OSV
added 2016/02/19 12:0 a.m. | 0 views

UBUNTU-CVE-2016-2510

BeanShell bsh before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler...

CVSS 8.1 | AI score 7.5 | EPSS 0.39216
Exploits: 1 | References: 4
FreeBSD
added 2016/02/18 12:0 a.m. | 45 views

bsh -- remote code execution vulnerability

Stian Soiland-Reyes reports: This release fixes a remote code execution vulnerability that was identified in BeanShell by Alvaro Muñoz and Christian Schneider. The BeanShell team would like to thank them for their help and contributions to this fix! An application that includes BeanShell on the...

CVSS 8.1 | AI score 1.7 | EPSS 0.39216
Exploits: 1 | References: 1
RedHat Linux
added 2016/02/03 3:0 p.m. | 44 views

Critical: Red Hat Security Advisory: Red Hat JBoss Operations Network 3.3.5 update

Red Hat JBoss Operations Network 3.3 update 5, which fixes two security issues and several bugs, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives...

CVSS 10 | AI score 6.9 | EPSS 0.71461
Exploits: 12 | References: 17
ThreatPost
added 2016/01/28 9:4 a.m. | 13 views

PayPal Java Serialization Vulnerability

A Java serialization vulnerability disclosed more than a year ago figured to have a long shelf life. It lived in popular Java application development frameworks such as Apache Commons Collections—where it’s been patched—and not to mention widely deployed application servers such as Oracle WebLogi...

AI score 0.3
Exploits: 0 | References: 6
RedHat Linux
added 2016/01/25 10:10 p.m. | 3 views

groovy: remote execution of untrusted code in class MethodClosure

A flaw was discovered in the way applications using Groovy used the standard Java serialization mechanism. A remote attacker could use a specially crafted serialized object that would execute code directly when deserialized. All applications which rely on serialization and do not isolate the code...

CVSS 9.8 | AI score 7.6 | EPSS 0.64446
Exploits: 4 | References: 5
FreeBSD
added 2016/01/08 12:0 a.m. | 91 views

activemq -- Unsafe deserialization

Alvaro Muñoz, Matthias Kaiser and Christian Schneider report: JMS Object messages depend on Java Serialization for marshaling/unmarshaling of the message payload. There are a couple of places inside the broker where deserialization can occur, like web console or stomp object message...

CVSS 9.8 | AI score 8.7 | EPSS 0.8038
Exploits: 4 | References: 1
myhack58
added 2015/12/29 12:0 a.m. | 22 views

Java serialization and deserialization and vulnerability remediation - vulnerability warning - the black bar safety net

Last week, network security personnel were once again beaten by the black-market underground: a high-risk Joomla 0-day vulnerability was exposed that can be triggered without requiring a user login. Before the official release of the upgraded version and the patch for the Joomla vulnerability, i...

AI score 0.4
Exploits: 0
myhack58
added 2015/12/27 12:0 a.m. | 14 views

Java serialization and deserialization, as well as vulnerability remediation - vulnerability warning - the black bar safety net

Last week, network security personnel were once again beaten by the black-market underground: a high-risk Joomla 0-day vulnerability was exposed that can be triggered without requiring a user login. Before the official release of the upgraded version and the patch for the Joomla vulnerability, i...

AI score 0.4
Exploits: 0
RedHat Linux
added 2015/12/07 8:46 p.m. | 41 views

Important: Red Hat Security Advisory: Red Hat JBoss Fuse 6.2.1 update

Red Hat JBoss Fuse 6.2.1, which fixes three security issues, several bugs, and adds various enhancements, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores,...

CVSS 10 | AI score 6.8 | EPSS 0.71461
Exploits: 12 | References: 8
RedHat Linux
added 2015/12/07 8:46 p.m. | 4 views

groovy: remote execution of untrusted code in class MethodClosure

A flaw was discovered in the way applications using Groovy used the standard Java serialization mechanism. A remote attacker could use a specially crafted serialized object that would execute code directly when deserialized. All applications which rely on serialization and do not isolate the code...

CVSS 9.8 | AI score 7.6 | EPSS 0.64446
Exploits: 4 | References: 5