Lucene search
AmazonALAS-2015-618HistoryDec 14, 2015 - 10:00 a.m.
Important: apache-commons-collections
2015-12-1410:00:00
alas.aws.amazon.com
29
0.019 Low
EPSS
Percentile
88.5%
Issue Overview:
It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.
Affected Packages:
apache-commons-collections
Issue Correction:
Run yum update apache-commons-collections to update your system.
New Packages:
noarch:
ย ย ย apache-commons-collections-testframework-javadoc-3.2.1-11.9.amzn1.noarch
ย ย ย apache-commons-collections-3.2.1-11.9.amzn1.noarch
ย ย ย apache-commons-collections-javadoc-3.2.1-11.9.amzn1.noarch
ย ย ย apache-commons-collections-testframework-3.2.1-11.9.amzn1.noarch
src:
ย ย ย apache-commons-collections-3.2.1-11.9.amzn1.src
Additional References
Red Hat: CVE-2015-7501
Mitre: CVE-2015-7501
Related
nessus
nessus
CentOS 5 : jakarta-commons-collections (CESA-2015:2671)
2015-12-22 00:00:00
RHEL 5 / 6 / 7 : JBoss EAP (RHSA-2015:2500)
2015-11-24 00:00:00
redhat
redhat
(RHSA-2015:2521) Important: jakarta-commons-collections security update
2015-11-30 00:00:00
(RHSA-2016:0040) Critical: Red Hat JBoss Operations Network 3.1.2 Hotfix 11 update
2016-01-14 18:31:06
(RHSA-2015:2671) Important: jakarta-commons-collections security update
2015-12-21 00:00:00
prion
prion
Input validation
2017-11-09 17:29:00
openvas
openvas
Mageia: Security Advisory (MGASA-2016-0012)
2016-01-14 00:00:00
RedHat Update for apache-commons-collections RHSA-2015:2522-01
2015-12-01 00:00:00
Oracle: Security Advisory (ELSA-2015-2521)
2015-12-02 00:00:00
oraclelinux
oraclelinux
jakarta-commons-collections security update
2015-12-21 00:00:00
apache-commons-collections security update
2015-11-30 00:00:00
jakarta-commons-collections security update
2015-11-30 00:00:00
cvelist
cvelist
CVE-2015-7501
2017-11-09 00:00:00
mageia
mageia
Updated apache-commons-collections packages fix security vulnerability
2016-01-14 04:44:39
checkpoint_advisories
checkpoint_advisories
osv
osv
Deserialization of Untrusted Data in Apache commons collections
2022-05-13 01:25:20
seebug
seebug
Red Hat JBoss Portalๅฎๅ
จ็ป่ฟๆผๆด
2015-12-04 00:00:00
cve
cve
CVE-2015-7501
2017-11-09 17:29:00
ibm
ibm
Security Bulletin: IBM Sterling Global Mailbox is vulnerable to arbitrary command execution due to com.ibm.ws.org.apache.commons.collections (CVE-2015-7501)
2023-07-21 11:52:23
centos
centos
apache security update
2015-12-01 22:25:12
jakarta security update
2015-12-02 13:38:14
jakarta security update
2015-12-21 11:17:35
github
github
Deserialization of Untrusted Data in Apache commons collections
2022-05-13 01:25:20
veracode
veracode
Arbitrary Code Execution
2019-01-15 09:08:50
Potential Remote Code Execution Via Java Object Deserialization
2015-11-09 19:34:22
attackerkb
attackerkb
CVE-2015-7501
2017-11-09 00:00:00
f5
f5
K04734219 : Red Hat JBoss vulnerability CVE-2015-7501
2020-02-11 00:00:00
canvas
canvas
Immunity Canvas: JBOSS6_JMXINVOKERSERVLET_DESERIALIZE
2017-11-09 17:29:00
Immunity Canvas: WEBLOGIC_T3_DESERIALIZATION
2017-11-09 17:29:00
ubuntucve
ubuntucve
CVE-2015-7501
2017-11-09 00:00:00
CVE-2015-4852
2015-11-18 00:00:00
debiancve
debiancve
CVE-2015-7501
2017-11-09 17:29:00
kitploit
kitploit
Vulmap - Web Vulnerability Scanning And Verification Tools
2020-12-25 11:30:00
impervablog
impervablog
Deserialization Attacks Surge Motivated by Illegal Crypto-mining
2018-01-24 17:45:08
oracle
oracle
Oracle Critical Patch Update Advisory - April 2016
2016-04-19 00:00:00
Oracle Critical Patch Update - April 2018
2018-04-17 00:00:00
Oracle Critical Patch Update - October 2016
2016-10-18 00:00:00