Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2015-7501

Опубликовано: 09 нояб. 2017
Источник: nvd
CVSS3: 9.8
CVSS2: 10
EPSS Высокий

Описание

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:redhat:data_grid:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_a-mq:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_bpm_suite:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_data_virtualization:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_data_virtualization:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_brms_platform:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_fuse:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_fuse_service_works:6.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_operations_network:3.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_portal:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift:3.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:redhat:subscription_asset_manager:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:xpaas:3.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 99%
0.71461
Высокий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-502

Связанные уязвимости

ubuntu логотип

CVE-2015-7501

CVSS3: 9.8
ubuntu
почти 8 лет назад

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

redhat логотип

CVE-2015-7501

redhat
почти 10 лет назад

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

debian логотип

CVE-2015-7501

CVSS3: 9.8
debian
почти 8 лет назад

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data G ...

github логотип

GHSA-fjq5-5j5f-mvxh

CVSS3: 9.8
github
больше 3 лет назад

Deserialization of Untrusted Data in Apache commons collections

oracle-oval логотип

ELSA-2015-2671

oracle-oval
больше 9 лет назад

ELSA-2015-2671: jakarta-commons-collections security update (IMPORTANT)

EPSS

Процентиль: 99%
0.71461
Высокий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-502