
Test ID: 1.3.6.1.4.1.25623.1.0.130082
Category: Mageia Linux Local Security Checks
Title: Mageia Linux Local Check: mgasa-2015-0296
Summary: Mageia Linux Local Security Checks mgasa-2015-0296
Description:
Summary:
Mageia Linux Local Security Checks mgasa-2015-0296

Vulnerability Insight:
When an application has Groovy on the classpath and uses the standard Java serialization mechanism to communicate between servers or to store local data, an attacker can craft a special serialized object that executes code directly when it is deserialized. All applications that rely on serialization and do not isolate the code that deserializes objects are subject to this vulnerability (CVE-2015-3253).

Solution:
Update the affected packages to the latest available version.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2015-3253
BugTraq ID: 75919
http://www.securityfocus.com/bid/75919
BugTraq ID: 91787
http://www.securityfocus.com/bid/91787
Bugtraq: 20150716 [CVE-2015-3253] Apache Groovy Zero-Day Vulnerability Disclosure
http://www.securityfocus.com/archive/1/536012/100/0/threaded
https://security.gentoo.org/glsa/201610-01
http://packetstormsecurity.com/files/132714/Apache-Groovy-2.4.3-Code-Execution.html
http://www.zerodayinitiative.com/advisories/ZDI-15-365/
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://lists.apache.org/thread.html/rbb8e16cc5acab183124572b655bdf5fe1d5b5f477dc267352426c7ed@%3Cnotifications.shardingsphere.apache.org%3E
RedHat Security Advisories: RHSA-2016:0066
http://rhn.redhat.com/errata/RHSA-2016-0066.html
RedHat Security Advisories: RHSA-2016:1376
https://access.redhat.com/errata/RHSA-2016:1376
RedHat Security Advisories: RHSA-2017:2486
https://access.redhat.com/errata/RHSA-2017:2486
RedHat Security Advisories: RHSA-2017:2596
https://access.redhat.com/errata/RHSA-2017:2596
http://www.securitytracker.com/id/1034815
Copyright: Copyright (C) 2015 Eero Volotinen

© 1998-2021 E-Soft Inc. All rights reserved.