7 matches found
Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in Apache Commons Collections
Summary Multiple vulnerabilities have been identified in Apache Commons Collections, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2017-15708 DESCRIPTION: Apac...
Security Bulletin: IBM Sterling Global Mailbox is vulnerable to arbitrary code execution due to Apache Commons Collections [CVE-2015-6420, CVE-2017-15708]
Summary Vulnerability in Apache Commons Collections library shipped with IBM Sterling Global Mailbox has been addressed. CVE-2015-6420, CVE-2017-15708 Vulnerability Details CVEID:CVE-2015-6420 DESCRIPTION: Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint...
Security Bulletin: Multiple vulnerabilities of Apache common collections (commons-collections-3.2.jar) have affected APM WebSphere Application Server Agent
Summary APM WebSphere Application Server Agent is vulnerable to Apache common collections commons-collections-3.2.jar. The fix includes commons-collections-3.2.jar upgraded to commons-collections-3.2.2.jar. CVE-2015-4852, CVE-2017-15708 and CVE-2019-13116 Vulnerability Details CVEID:CVE-2015-4852...
toyotaoforlando.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1122066 Security Researcher 1Lov3Bugs Helped patch 329 vulnerabilities Received 2 Coordinated Disclosure badges Received 1 recommendations , a holder of 2 badges for responsible and coordinated disclosure, found a security vulnerability affecting toyotaoforlando.com websit...
openlink.ca.skku.edu Cross Site Scripting vulnerability OBB-1075098
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
Apache Synapse远程命令执行漏洞(CVE-2017-15708)
0X00 介绍 Apache Synapse是一种轻量级的高性能企业服务总线(ESB)。Apache Synapse由快速和异步的中介引擎提供支持,为XML、Web服务和REST提供了卓越的支持。 0X01 分析 我们知道,完成反序列化漏洞需要存在两个条件: 存在反序列化对象数据传输 有缺陷的第三方lib库,例如Apache Commons Collections 在FoxGlove Security安全团队的@breenmachine的博文中,总结了非常全面可能使用反序列化的地方: 在HTTP请求中 RMI,RMI在传输过程中一定会使用序列化和反序列化...
CVE-2017-15708
CVE-2017-15708 affects Apache Synapse: by default no authentication for Java RMI, enabling remote code execution through specially crafted serialized objects when Commons Collections 3.2.1 or earlier are present. IBM and related bulletins reiterate the issue and note that upgrading to Synapse 3.0...