Lucene search
RedHatRHSA-2015:2536HistoryDec 01, 2015 - 8:21 p.m.
(RHSA-2015:2536) Critical: Red Hat JBoss Enterprise Application Platform 6.3 security update
2015-12-0120:21:51
access.redhat.com
39
0.018 Low
EPSS
Percentile
88.4%
Red Hat JBoss Enterprise Application Platform 6 is a platform for Java
applications based on JBoss Application Server 7.
It was found that the Apache commons-collections library permitted code
execution when deserializing objects involving a specially constructed
chain of classes. A remote attacker could use this flaw to execute
arbitrary code with the permissions of the application using the
commons-collections library. (CVE-2015-7501)
Further information about this security flaw may be found at:
https://access.redhat.com/solutions/2045023
All users of Red Hat JBoss Enterprise Application Platform 6.3 on Red Hat
Enterprise Linux 6 are advised to upgrade to these updated packages.
The JBoss server process must be restarted for the update to take effect.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 6 | src | apache-commons-collections-eap6 | <ย 3.2.1-16.redhat_5.1.ep6.el6 | apache-commons-collections-eap6-3.2.1-16.redhat_5.1.ep6.el6.src.rpm |
| RedHat | 6 | noarch | apache-commons-collections-eap6 | <ย 3.2.1-16.redhat_5.1.ep6.el6 | apache-commons-collections-eap6-3.2.1-16.redhat_5.1.ep6.el6.noarch.rpm |
| RedHat | 7 | src | apache-commons-collections-eap6 | <ย 3.2.1-16.redhat_5.1.ep6.el7 | apache-commons-collections-eap6-3.2.1-16.redhat_5.1.ep6.el7.src.rpm |
| RedHat | 5 | src | apache-commons-collections-eap6 | <ย 3.2.1-16.redhat_5.1.ep6.el5 | apache-commons-collections-eap6-3.2.1-16.redhat_5.1.ep6.el5.src.rpm |
| RedHat | 5 | noarch | apache-commons-collections-eap6 | <ย 3.2.1-16.redhat_5.1.ep6.el5 | apache-commons-collections-eap6-3.2.1-16.redhat_5.1.ep6.el5.noarch.rpm |
| RedHat | 7 | noarch | apache-commons-collections-eap6 | <ย 3.2.1-16.redhat_5.1.ep6.el7 | apache-commons-collections-eap6-3.2.1-16.redhat_5.1.ep6.el7.noarch.rpm |
Related
nessus
nessus
RHEL 5 / 6 / 7 : JBoss EAP (RHSA-2015:2500)
2015-11-24 00:00:00
Scientific Linux Security Update : jakarta-commons-collections on SL5.x i386/x86_64 (20151221)
2015-12-22 00:00:00
CentOS 5 : jakarta-commons-collections (CESA-2015:2671)
2015-12-22 00:00:00
openvas
openvas
RedHat Update for apache-commons-collections RHSA-2015:2522-01
2015-12-01 00:00:00
Mageia: Security Advisory (MGASA-2016-0012)
2016-01-14 00:00:00
CentOS Update for jakarta-commons-collections CESA-2015:2521 centos6
2015-12-03 00:00:00
redhat
redhat
nvd
nvd
CVE-2015-7501
2017-11-09 17:29:00
prion
prion
Input validation
2017-11-09 17:29:00
checkpoint_advisories
checkpoint_advisories
osv
osv
Deserialization of Untrusted Data in Apache commons collections
2022-05-13 01:25:20
cve
cve
CVE-2015-7501
2017-11-09 17:29:00
centos
centos
jakarta security update
2015-12-02 13:38:14
apache security update
2015-12-01 22:25:12
jakarta security update
2015-12-21 11:17:35
github
github
Deserialization of Untrusted Data in Apache commons collections
2022-05-13 01:25:20
ibm
ibm
Security Bulletin: IBM Sterling Global Mailbox is vulnerable to arbitrary command execution due to com.ibm.ws.org.apache.commons.collections (CVE-2015-7501)
2023-07-21 11:52:23
seebug
seebug
Red Hat JBoss Portalๅฎๅ
จ็ป่ฟๆผๆด
2015-12-04 00:00:00
attackerkb
attackerkb
CVE-2015-7501
2017-11-09 00:00:00
ubuntucve
ubuntucve
CVE-2015-7501
2017-11-09 00:00:00
CVE-2015-4852
2015-11-18 00:00:00
canvas
canvas
Immunity Canvas: JBOSS6_JMXINVOKERSERVLET_DESERIALIZE
2017-11-09 17:29:00
Immunity Canvas: WEBLOGIC_T3_DESERIALIZATION
2017-11-09 17:29:00
amazon
amazon
Important: apache-commons-collections
2015-12-14 10:00:00
veracode
veracode
Arbitrary Code Execution
2019-01-15 09:08:50
Potential Remote Code Execution Via Java Object Deserialization
2015-11-09 19:34:22
f5
f5
K04734219 : Red Hat JBoss vulnerability CVE-2015-7501
2020-02-11 00:00:00
mageia
mageia
Updated apache-commons-collections packages fix security vulnerability
2016-01-14 04:44:39
cvelist
cvelist
CVE-2015-7501
2017-11-09 00:00:00
oraclelinux
oraclelinux
jakarta-commons-collections security update
2015-12-21 00:00:00
apache-commons-collections security update
2015-11-30 00:00:00
jakarta-commons-collections security update
2015-11-30 00:00:00
debiancve
debiancve
CVE-2015-7501
2017-11-09 17:29:00
kitploit
kitploit
Vulmap - Web Vulnerability Scanning And Verification Tools
2020-12-25 11:30:00
impervablog
impervablog
Deserialization Attacks Surge Motivated by Illegal Crypto-mining
2018-01-24 17:45:08
oracle
oracle
Oracle Critical Patch Update Advisory - April 2016
2016-04-19 00:00:00
Oracle Critical Patch Update - April 2018
2018-04-17 00:00:00
Oracle Critical Patch Update - October 2016
2016-10-18 00:00:00