 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.882333 |
| Category: | CentOS Local Security Checks |
| Title: | CentOS Update for jakarta-commons-collections CESA-2015:2521 centos6 |
| Summary: | Check the version of jakarta-commons-collections |
| Description: | Summary: Check the version of jakarta-commons-collections Vulnerability Insight: The Jakarta/Apache Commons Collections library provides new interfaces, implementations, and utilities to extend the features of the Java Collections Framework. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library. (CVE-2015-7501) With this update, deserialization of certain classes in the commons-collections library is no longer allowed. Applications that require those classes to be deserialized can use the system property 'org.apache.commons.collections.enableUnsafeSerialization' to re-enable their deserialization. Further information about this security flaw may be found at the linked references. All users of jakarta-commons-collections are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using the commons-collections library must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to the linked KB article. 5. Bugs fixed: 1279330 - CVE-2015-7501 apache-commons-collections: InvokerTransformer code execution during deserialisation 6. Package List: Red Hat Enterprise Linux Desktop Optional (v. 6): Source: jakarta-commons-collections-3.2.1-3.5.el6_7.src.rpm noarch: jakarta-commons-collections-3.2.1-3.5.el6_7.noarch.rpm jakarta-commons-collections-javadoc-3.2.1-3.5.el6_7.noarch.rpm jakarta-commons-collections-testframework-3.2.1-3.5.el6_7.noarch.rpm jakarta-commons-collections-testframework-javadoc-3.2.1-3.5.el6_7.noarch.rpm jakarta-commons-collections-tomcat5-3.2.1-3.5.el6_7.noarch.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: jakarta-commons-collections-3.2.1-3.5.el6_7.src.rpm noarch: jakarta-commons-collections-3.2.1-3.5.el6_7.noarch.rpm jakarta-commons-collections-javadoc-3.2.1-3.5.el6_7.noarch.rpm jakarta-commons-collections-testframework-3.2.1-3.5.el6_7.noarch.rpm jakarta-commons-collections-testframework-javadoc-3.2.1-3.5.el6_7.noarch.rpm jakarta-commons-collections-tomcat5-3.2.1-3.5. ... Description truncated, please see the referenced URL(s) for more information. Affected Software/OS: jakarta-commons-collections on CentOS 6 Solution: Please install the updated packages. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-7501 BugTraq ID: 78215 http://www.securityfocus.com/bid/78215 http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html https://access.redhat.com/security/vulnerabilities/2059393 https://access.redhat.com/solutions/2045023 https://bugzilla.redhat.com/show_bug.cgi?id=1279330 https://www.oracle.com/security-alerts/cpujul2020.html RedHat Security Advisories: RHSA-2015:2500 http://rhn.redhat.com/errata/RHSA-2015-2500.html RedHat Security Advisories: RHSA-2015:2501 http://rhn.redhat.com/errata/RHSA-2015-2501.html RedHat Security Advisories: RHSA-2015:2502 http://rhn.redhat.com/errata/RHSA-2015-2502.html RedHat Security Advisories: RHSA-2015:2514 http://rhn.redhat.com/errata/RHSA-2015-2514.html RedHat Security Advisories: RHSA-2015:2516 http://rhn.redhat.com/errata/RHSA-2015-2516.html RedHat Security Advisories: RHSA-2015:2517 http://rhn.redhat.com/errata/RHSA-2015-2517.html RedHat Security Advisories: RHSA-2015:2521 http://rhn.redhat.com/errata/RHSA-2015-2521.html RedHat Security Advisories: RHSA-2015:2522 http://rhn.redhat.com/errata/RHSA-2015-2522.html RedHat Security Advisories: RHSA-2015:2524 http://rhn.redhat.com/errata/RHSA-2015-2524.html RedHat Security Advisories: RHSA-2015:2536 https://rhn.redhat.com/errata/RHSA-2015-2536.html RedHat Security Advisories: RHSA-2015:2670 http://rhn.redhat.com/errata/RHSA-2015-2670.html RedHat Security Advisories: RHSA-2015:2671 http://rhn.redhat.com/errata/RHSA-2015-2671.html RedHat Security Advisories: RHSA-2016:0040 http://rhn.redhat.com/errata/RHSA-2016-0040.html RedHat Security Advisories: RHSA-2016:1773 http://rhn.redhat.com/errata/RHSA-2016-1773.html http://www.securitytracker.com/id/1034097 http://www.securitytracker.com/id/1037052 http://www.securitytracker.com/id/1037053 http://www.securitytracker.com/id/1037640 |
| Copyright | Copyright (C) 2015 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |