Red Hat Security Advisory 2015-2522-01 - The Apache Commons Collections library provides new interfaces, implementations, and utilities to extend the features of the Java Collections Framework. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library. With this update, deserialization of certain classes in the commons-collections library is no longer allowed. Applications that require those classes to be deserialized can use the system property "org.apache.commons.collections.enableUnsafeSerialization" to re-enable their deserialization.
809e280c3a7b28ef3849dd41013146eafcff4fe7afab41ae20a95a8c92f6d041Red Hat Security Advisory 2015-2521-01 - The Jakarta/Apache Commons Collections library provides new interfaces, implementations, and utilities to extend the features of the Java Collections Framework. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library. With this update, deserialization of certain classes in the commons-collections library is no longer allowed. Applications that require those classes to be deserialized can use the system property "org.apache.commons.collections.enableUnsafeSerialization" to re-enable their deserialization.
0659db4fb18959becb1b68966660f9369016bb2edbc36966c2eb5bab639f4482Red Hat Security Advisory 2015-2523-01 - The Apache Commons Collections library provides new interfaces, implementations, and utilities to extend the features of the Java Collections Framework. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library. With this update, deserialization of certain classes in the commons-collections library is no longer allowed. Applications that require those classes to be deserialized can use the system property "org.apache.commons.collections.enableUnsafeSerialization" to re-enable their deserialization.
1d94e5fd242f7da99f1762e3844877f90673339f11d9af4ce1156c460ea63bd3Red Hat Security Advisory 2015-2524-01 - Apache Commons Collections is a library built upon Java JDK classes by providing new interfaces, implementations and utilities. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.
f9546e636f1967b0f887a87c03e59a4a51cc9a02ff48c100b01cffe74ab8a494Red Hat Security Advisory 2015-2517-01 - Apache Commons Collections is a library built upon Java JDK classes by providing new interfaces, implementations and utilities. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.
307be76e804ec87b99d8c4285e6c0b866882e5818e8b5c81784f0fb7251ae4c0Red Hat Security Advisory 2015-2516-01 - Apache Commons Collections is a library built upon Java JDK classes by providing new interfaces, implementations and utilities. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.
89a84ea97cadc015b03977c43f2838c425f5b6e67730b5a868ae859c0b8f11b9Red Hat Security Advisory 2015-2514-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on JBoss Application Server. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.
75335dd065056ea1cef0c6b958cc10c427ec1190557c5bc7f6542783c250cd63Red Hat Security Advisory 2015-2500-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.
3817e8f6587a1c7b3e3fef64ace7842893225be276163b92f3b4ce1a5b15e9faRed Hat Security Advisory 2015-2501-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.
8dfd2a2bdac7aa4a57b373e2416d20f244fdbbe50d28b503e42e289d2b773490Red Hat Security Advisory 2015-2502-01 - Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.
d8df8f2cadccac7dc9d72ba654c954391e3ccf0c051d99ac1337e84e72a93e1e
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed