Lucene search
Veracode Vulnerability DatabaseVERACODE:5546HistoryDec 11, 2017 - 1:11 a.m.
Remote Code Execution (RCE)
2017-12-1101:11:22
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
17
0.026 Low
EPSS
Percentile
90.4%
Apache Synapse uses a vulnerable version of commons-collections. This allows attackers to exploit the use of the vulnerable library to perform remote code execution (RCE) attacks.
| CPE | Name | Operator | Version |
|---|---|---|---|
| apache synapse | le | 3.0.0 | |
| apache synapse - core | le | 3.0.0 | |
| apache synapse | le | 3.0.0 | |
| apache synapse - core | le | 3.0.0 |
References
seclists.org/oss-sec/2017/q4/378
www.securityfocus.com/bid/102154
commons.apache.org/proper/commons-collections/security-reports.html
lists.apache.org/thread.html/77f2accf240d25d91b47033e2f8ebec84ffbc6e6627112b2f98b66c9@%3Cdev.synapse.apache.org%3E
lists.apache.org/thread.html/r0fb289cd38c915b9a13a3376134f96222dd9100f1ef66b41631865c6@%3Ccommits.doris.apache.org%3E
security.gentoo.org/glsa/202107-37
www.oracle.com/security-alerts/cpujan2020.html
www.oracle.com/security-alerts/cpujul2020.html
Related
prion
prion
Remote code execution
2017-12-11 15:29:00
nessus
nessus
GLSA-202107-37 : Apache Commons Collections: Remote code execution
2022-01-24 00:00:00
Apache Synapse < 3.0.1 Remote Code Execution Vulnerability
2020-11-03 00:00:00
cve
cve
CVE-2017-15708
2017-12-11 15:29:00
github
github
Remote Code Execution in Apache Synapse
2020-11-04 18:23:25
osv
osv
Remote Code Execution in Apache Synapse
2020-11-04 18:23:25
gentoo
gentoo
Apache Commons Collections: Remote code execution
2021-07-16 00:00:00
nvd
nvd
CVE-2017-15708
2017-12-11 15:29:00
f5
f5
seebug
seebug
Apache Synapse่ฟ็จๅฝไปคๆง่กๆผๆด(CVE-2017-15708)
2017-12-12 00:00:00
cvelist
cvelist
CVE-2017-15708
2017-12-10 00:00:00
mskb
mskb
KB5003279 - SQL Server 2016 Service Pack 3 release information
1970-01-01 00:00:00
ibm
ibm
Security Bulletin: IBM Sterling Global Mailbox is vulnerable to arbitrary code execution due to Apache Commons Collections [CVE-2015-6420, CVE-2017-15708]
2023-07-21 12:22:34
oracle
oracle
Oracle Critical Patch Update Advisory - January 2020
2020-01-14 00:00:00
Oracle Critical Patch Update Advisory - July 2020
2020-07-14 00:00:00