Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:1847
HistoryNov 09, 2015 - 7:34 p.m.

Potential Remote Code Execution Via Java Object Deserialization

2015-11-0919:34:22
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
63

EPSS

0.97

Percentile

99.8%

JSON

Apache Commons includes a class called InvokerTransformer. An application is vulnerable to a deserialization attack if this class is available on the classpath and the application deserializes untrusted or user-supplied data. It’s not necessary to actually use InvokerTransfomer to be vulnerable. With these two criteria satisfied, an attacker may construct a gadget chain using classes in the component to execute arbitrary code. The chain relies on the class InvokerTransformer in the org.apache.commons.collections.functors package to invoke methods during the deserialization process. The fix prevents deserialization of InvokerTransformer by default unless it’s specifically enabled. CVE-2015-4852, CVE-2015-6420, CVE-2015-7501, and CVE-2015-7450 are all related to this artifact.

References

Related

myhack58 1
canvas 1
ubuntucve 1
ibm 105
saint 8
nuclei 1
checkpoint_advisories 3
nessus 16
cisa_kev 2
cvelist 3
exploitdb 4
nvd 3
openvas 10
prion 3
zdt 4
packetstorm 3
f5 2
osv 2
exploitpack 1
attackerkb 2
metasploit 2
cve 3
ubuntu 1
redhat 12
mageia 1
oraclelinux 1
centos 2
seebug 1
github 1
myhack58
myhack58
The use of server vulnerability mining black production case study-vulnerability warning-the black bar safety net
2017-03-15 00:00:00
canvas
canvas
Immunity Canvas: WEBLOGIC_T3_DESERIALIZATION
2017-11-09 17:29:00
ubuntucve
ubuntucve
CVE-2015-4852
2015-11-18 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in Apache Commons Collections affect IBM InfoSphere Information Server
2022-10-14 22:00:35
Security Bulletin: IBM Security Verify Governance is vulnerable to arbitrary code execution due to use of Apache Commons Collections (multiple vulnerabilities)
2022-11-22 16:37:00
Security Bulletin: IBM Jazz for Service Management (JazzSM) is affected with multiple vulnerabilities (CVE-2015-4852, CVE-2015-6420, CVE-2017-15708)
2020-10-20 11:33:26
saint
saint
IBM WebSphere Management Server Apache Commons
2016-02-03 00:00:00
Oracle WebLogic Apache Commons library deserialization vulnerability
2015-11-20 00:00:00
Oracle WebLogic Apache Commons library deserialization vulnerability
2015-11-20 00:00:00
nuclei
nuclei
IBM WebSphere Java Object Deserialization - Remote Code Execution
2021-09-01 15:13:55
checkpoint_advisories
checkpoint_advisories
IBM WebSphere Application Server Commons-Collections Library Remote Code Execution (CVE-2015-7450)
2015-11-25 00:00:00
WebLogic Apache Commons Java Collections Library Remote Code Execution (CVE-2015-4852)
2015-11-19 00:00:00
WebSphere Server and JBoss Platform Apache Commons Collections Remote Code Execution (CVE-2015-7501)
2015-11-17 00:00:00
nessus
nessus
IBM WebSphere Java Object Deserialization RCE
2015-12-02 00:00:00
Ubuntu 14.04 LTS : Apache Commons Collections vulnerability (USN-6936-1)
2024-08-01 00:00:00
F5 Networks BIG-IP : Java commons-collections library vulnerability (K30518307)
2015-12-17 00:00:00
cisa_kev
cisa_kev
Oracle WebLogic Server Deserialization of Untrusted Data Vulnerability
2021-11-03 00:00:00
IBM WebSphere Application Server and Server Hypervisor Edition Code Injection.
2022-01-10 00:00:00
cvelist
cvelist
CVE-2015-4852
2015-11-18 15:00:00
CVE-2015-7450
2016-01-02 21:00:00
CVE-2015-7501
2017-11-09 00:00:00
exploitdb
exploitdb
Oracle WebLogic Server 10.3.6.0 - Java Deserialization Remote Code Execution
2017-09-27 00:00:00
Oracle Weblogic Server Deserialization RCE - Raw Object (Metasploit)
2019-03-28 00:00:00
IBM WebSphere - RCE Java Deserialization (Metasploit)
2017-03-15 00:00:00
nvd
nvd
CVE-2015-4852
2015-11-18 15:59:00
CVE-2015-7450
2016-01-02 21:59:15
CVE-2015-7501
2017-11-09 17:29:00
openvas
openvas
Ubuntu: Security Advisory (USN-6936-1)
2024-08-01 00:00:00
Oracle WebLogic Server RCE Vulnerability
2015-11-17 00:00:00
IBM WebSphere Application Server Unserialize Vulnerability
2015-11-17 00:00:00
prion
prion
Code injection
2015-11-18 15:59:00
Design/Logic Flaw
2016-01-02 21:59:00
Input validation
2017-11-09 17:29:00
zdt
zdt
Oracle Weblogic Server Deserialization Remote Code Execution Exploit
2019-03-27 00:00:00
Websphere / JBoss / OpenNMS / Symantec - Java Deserialization Remote Code Execution
2018-04-29 00:00:00
IBM WebSphere Remote Code Execution Java Deserialization Exploit
2017-03-15 00:00:00
packetstorm
packetstorm
IBM WebSphere Remote Code Execution Java Deserialization
2017-03-14 00:00:00
Oracle WebLogic Server Java Deserialization Remote Code Execution
2017-09-29 00:00:00
Oracle Weblogic Server Deserialization Remote Code Execution
2019-03-27 00:00:00
f5
f5
K30518307 : Java commons-collections library vulnerability CVE-2015-4852
2015-12-15 00:00:00
SOL30518307 - Java commons-collections library vulnerability CVE-2015-4852
2015-12-15 00:00:00
osv
osv
libcommons-collections3-java vulnerability
2024-07-31 18:33:13
Deserialization of Untrusted Data in Apache commons collections
2022-05-13 01:25:20
exploitpack
exploitpack
Oracle WebLogic Server 10.3.6.0 - Java Deserialization Remote Code Execution
2017-09-27 00:00:00
attackerkb
attackerkb
CVE-2015-7450
2016-01-02 00:00:00
CVE-2015-4852
2015-11-18 00:00:00
metasploit
metasploit
IBM WebSphere RCE Java Deserialization Vulnerability
2017-03-13 06:22:24
Oracle Weblogic Server Deserialization RCE - Raw Object
2018-12-16 02:26:34
cve
cve
CVE-2015-7450
2016-01-02 21:59:15
CVE-2015-4852
2015-11-18 15:59:00
CVE-2015-7501
2017-11-09 17:29:00
ubuntu
ubuntu
Apache Commons Collections vulnerability
2024-07-31 00:00:00
redhat
redhat
(RHSA-2015:2579) Critical: Red Hat JBoss BPM Suite 6.1.0 commons-collections security update
2015-12-08 16:09:43
(RHSA-2015:2501) Critical: Red Hat JBoss Enterprise Application Platform security update
2015-11-20 18:21:01
(RHSA-2015:2514) Critical: Red Hat JBoss Enterprise Application Platform security update
2015-11-24 18:01:11
mageia
mageia
Updated apache-commons-collections packages fix security vulnerability
2016-01-14 04:44:39
oraclelinux
oraclelinux
jakarta-commons-collections security update
2015-12-21 00:00:00
centos
centos
jakarta security update
2015-12-02 13:38:14
apache security update
2015-12-01 22:25:12
seebug
seebug
Red Hat JBoss Portal安全绕过漏洞
2015-12-04 00:00:00
github
github
Deserialization of Untrusted Data in Apache commons collections
2022-05-13 01:25:20

EPSS

0.97

Percentile

99.8%

JSON
Related for VERACODE:1847
myhack581canvas1ubuntucve1ibm105saint8nuclei1checkpoint_advisories3nessus16cisa_kev2cvelist3exploitdb4nvd3openvas10prion3zdt4packetstorm3f52osv2exploitpack1attackerkb2metasploit2cve3ubuntu1redhat12mageia1oraclelinux1centos2seebug1github1