31 matches found
K30518307: Java commons-collections library vulnerability CVE-2015-4852
Security Advisory Description: CVE-2015-4852. In Java applications that have an endpoint that accepts serialized Java objects, an attacker can combine serializable collections to create arbitrary remote code execution. Based on the FoxGlove, an attack can be done via RMI or HTTP. The vulnerability is...
RHEL 7 : rh-maven35-apache-commons-collections4 (RHSA-2020:4274)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:4274 advisory. The Apache Commons Collections library provides new interfaces, implementations, and utilities to extend the features of the Java Collections...
Security Bulletin: Vulnerability in Apache Commons affects IBM Worklight and IBM MobileFirst Platform Foundation (CVE-2015-7450)
Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM Worklight and IBM MobileFirst Platform Foundation. Vulnerability Details CVEID: CVE-2015-7450 DESCRIPTION: Apache Commons Collections could allow a remote attacker to execute arbitrar...
Security Bulletin: Multiple vulnerabilities in IBM Cloud Orchestrator, IBM Cloud Orchestrator Enterprise, and products shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise
Summary Multiple vulnerabilities have been identified in IBM Cloud Orchestrator, IBM Cloud Orchestrator Enterprise, and in supporting products shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise. Vulnerability Details This security bulletin covers multiple vulnerabilities in...
Security Bulletin: Apache Commons Collections affects Cúram Social Program Management (CVE-2015-7450)
Summary Cúram SPM uses the Apache Commons Collections Library. Apache Commons Collections could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of data with Java InvokerTransformer class. By sending specially crafted data, an attacker could exploit...
Security Bulletin: Vulnerability in Apache Commons affects IBM Content Collector (CVE-2015-7450)
Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM Content Collector. Vulnerability Details CVEID: CVE-2015-7450 DESCRIPTION: Apache Commons Collections could allow a remote attacker to execute arbitrary code on the system, caused by...
Security Bulletin: Vulnerability in Apache Commons affects IBM Application Server on Cloud (CVE-2015-7450)
Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM Application Server on Cloud. Vulnerability Details CVEID: CVE-2015-7450 DESCRIPTION: Apache Commons Collections could allow a remote attacker to execute arbitrary code on the system,...
Several methods for fixing the WebLogic Java deserialization vulnerability - vulnerability warning - the black bar safety net
Oracle has not yet publicly released an official patch for the WebLogic Java deserialization vulnerability. The repair methods seen so far come down to two: use SerialKiller to replace the ObjectInputStream class for deserialization operations; where it does not affect the business, the...
apache-commons-collections: InvokerTransformer code execution during deserialisation
It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections...
IBM WebSphere Management Server Apache Commons
Added: 02/03/2016 CVE: CVE-2015-7450 Background IBM WebSphere Management console 7.x and 8.5.0 - 8.5.5.7 are packaged with a vulnerable version of the Apache Commons package. Problem Apache Commons Collections could allow a remote attacker to execute arbitrary code on the system, caused by the...
IBM WebSphere Management Server Apache Commons
Added: 02/03/2016 CVE: CVE-2015-7450 Background IBM WebSphere Management console 7.x and 8.5.0 - 8.5.5.7 are packaged with a vulnerable version of the Apache Commons package. Problem Apache Commons Collections could allow a remote attacker to execute arbitrary code on the system, caused by the...
apache-commons-collections: InvokerTransformer code execution during deserialisation
It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections...
apache-commons-collections: InvokerTransformer code execution during deserialisation
It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections...
F5 Networks BIG-IP : Java commons-collections library vulnerability (K30518307)
CVE-2015-4852: In Java applications that have an endpoint that accepts serialized Java objects, an attacker can combine serializable collections to create arbitrary remote code execution. Based on the FoxGlove, an attack can be done via RMI or HTTP. The vulnerability is actually in InvokerTransformer...
apache-commons-collections: InvokerTransformer code execution during deserialisation
It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections...
apache-commons-collections: InvokerTransformer code execution during deserialisation
It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections...
apache-commons-collections: InvokerTransformer code execution during deserialisation
It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections...
apache-commons-collections: InvokerTransformer code execution during deserialisation
It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections...
apache-commons-collections: InvokerTransformer code execution during deserialisation
It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections...
apache-commons-collections: InvokerTransformer code execution during deserialisation
It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections...