Home > Vulnerability Database > CVE-2015-7501

Mend.io Vulnerability Database

CVE-2015-7501

Good to know:

Date: November 8, 2017

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

Language: Java

Severity Score

9.8

Related Resources (38)

Url: https://commons.apache.org/proper/commons-collections/release_4_1.html

Url: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

Url: http://rhn.redhat.com/errata/RHSA-2015-2522.html

Url: http://rhn.redhat.com/errata/RHSA-2015-2502.html

Url: http://www.securityfocus.com/bid/78215

Url: https://github.com/apache/commons-collections

Url: https://github.com/jensdietrich/xshady-release/tree/main/CVE-2015-7501

Url: http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Url: http://rhn.redhat.com/errata/RHSA-2015-2517.html

Url: http://rhn.redhat.com/errata/RHSA-2016-1773.html

Url: http://rhn.redhat.com/errata/RHSA-2015-2521.html

Url: http://rhn.redhat.com/errata/RHSA-2015-2524.html

Url: http://www.securitytracker.com/id/1037640

Url: http://rhn.redhat.com/errata/RHSA-2015-2671.html

Url: https://arxiv.org/pdf/2306.05534.pdf

Url: http://rhn.redhat.com/errata/RHSA-2015-2516.html

Url: https://access.redhat.com/solutions/2045023

Url: https://www.oracle.com/security-alerts/cpujul2020.html

Url: http://www.securitytracker.com/id/1034097

Url: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

Url: https://issues.apache.org/jira/browse/COLLECTIONS-580.

Url: http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

Url: https://access.redhat.com/security/vulnerabilities/2059393

Url: https://access.redhat.com/security/cve/CVE-2015-7501

Url: http://rhn.redhat.com/errata/RHSA-2015-2670.html

Url: http://rhn.redhat.com/errata/RHSA-2015-2501.html

Url: https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability

Url: https://sourceforge.net/p/collections/code/HEAD/tree

Url: http://rhn.redhat.com/errata/RHSA-2015-2514.html

Url: http://rhn.redhat.com/errata/RHSA-2016-0040.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2015-7501

Url: https://security.netapp.com/advisory/ntap-20240216-0010/

Url: http://www.securitytracker.com/id/1037053

Url: https://rhn.redhat.com/errata/RHSA-2015-2536.html

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1279330

Url: http://www.securitytracker.com/id/1037052

Url: http://rhn.redhat.com/errata/RHSA-2015-2500.html

Url: https://www.mend.io/vulnerability-database/CVE-2015-7501

Severity Score

9.8

Weakness Type (CWE)

Deserialization of Untrusted Data

CWE-502

Top Fix

Upgrade Version

Upgrade to version commons-collections:commons-collections:3.2.2;org.apache.commons:commons-collections4:4.1

Learn More

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	10.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2015-7501

Good to know:

Date: November 8, 2017

Language: Java

Severity Score

Related Resources (38)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?