all things security
Showing 1 - 7 of 7 RSS Feed

CVE-2016-2510

Status Candidate

Overview

BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler.

Related Files

Red Hat Security Advisory 2016-2035-01
Posted Oct 6, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2035-01 - Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat JBoss Fuse 6.3 is a minor product release that updates Red Hat JBoss Fuse 6.2.1, and includes several bug fixes and enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-3192, CVE-2015-5344, CVE-2015-5348, CVE-2015-7940, CVE-2016-2141, CVE-2016-2510, CVE-2016-4437
MD5 | 5ce3034b80f50139e6e2e772c6b39adc
Red Hat Security Advisory 2016-1376-01
Posted Jun 30, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1376-01 - Red Hat JBoss SOA Platform is the next-generation ESB and business process automation infrastructure. Red Hat JBoss SOA Platform allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.

tags | advisory, spoof, protocol, info disclosure
systems | linux, redhat
advisories | CVE-2015-0226, CVE-2015-0254, CVE-2015-3253, CVE-2016-2141, CVE-2016-2510
MD5 | 19d549e2bf200ce1007cbd7889159a9f
Red Hat Security Advisory 2016-1135-01
Posted May 26, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1135-01 - Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems - such as multiple databases, XML files, and even Hadoop systems - appear as a set of tables in a local database. Security Fix: A deserialization flaw allowing remote code execution was found in the BeanShell library. If BeanShell was on the classpath, it could permit code execution if another part of the application deserialized objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the BeanShell library.

tags | advisory, remote, arbitrary, local, code execution
systems | linux, redhat
advisories | CVE-2014-9527, CVE-2016-2510
MD5 | 6941b3dbbdcc28c9e09fc9429ea1ed91
Red Hat Security Advisory 2016-0540-01
Posted Mar 30, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0540-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.2.2 serves as a replacement for Red Hat JBoss BRMS 6.2.1, and includes bug fixes and enhancements, which are documented in the README.txt file included with the patch files. Security Fix: A deserialization flaw allowing remote code execution was found in the BeanShell library. If BeanShell was on the classpath, it could permit code execution if another part of the application deserialized objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the BeanShell library.

tags | advisory, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2016-2510
MD5 | f2dc4bca3037500239a1bc5e582add50
Red Hat Security Advisory 2016-0539-01
Posted Mar 30, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0539-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This release of Red Hat JBoss BPM Suite 6.2.2 serves as a replacement for Red Hat JBoss BPM Suite 6.2.1, and includes bug fixes and enhancements, which are documented in the README.txt file included with the patch files. Security Fix: A deserialization flaw allowing remote code execution was found in the BeanShell library. If BeanShell was on the classpath, it could permit code execution if another part of the application deserialized objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the BeanShell library.

tags | advisory, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2016-2510
MD5 | d90a95192eb0b78501306eb54a12397e
Ubuntu Security Notice USN-2923-1
Posted Mar 8, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2923-1 - Alvaro Munoz and Christian Schneider discovered that BeanShell incorrectly handled deserialization. A remote attacker could possibly use this issue to execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-2510
MD5 | 3dd952ab787ad6603c935b5c78acadce
Debian Security Advisory 3504-1
Posted Mar 6, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3504-1 - Alvaro Munoz and Christian Schneider discovered that BeanShell, an embeddable Java source interpreter, could be leveraged to execute classpath are vulnerable to this flaw if they deserialize data from an untrusted source.

tags | advisory, java
systems | linux, debian
advisories | CVE-2016-2510
MD5 | 846dd04b204e3e2aed358a2f57a400cf
Page 1 of 1
Back1Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    2 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close