commons-collections is vulnerable to arbitrary code execution. A remote attacker is able to execute arbitrary commands via a malicious serialized Java object.

| CPE | Name | Operator | Version |
|---|---|---|---|
| | apache commons collections | le | 3.2.1 |
| | apache commons collections | eq | 4.0 |

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-java-deserialization
www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
www.securityfocus.com/bid/78872
github.com/apache/commons-collections/commit/e585cd0433ae4cfbc56e58572b9869bd0c86b611
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
issues.apache.org/jira/browse/COLLECTIONS-580
lists.apache.org/thread.html/r352e40ca9874d1beb4ad95403792adca7eb295e6bc3bd7b65fabcc21@%3Ccommits.samza.apache.org%3E
www.kb.cert.org/vuls/id/581311
www.tenable.com/security/research/tra-2017-14
www.tenable.com/security/research/tra-2017-23