CVE-2015-7501 - Deserialization of Untrusted Data vulnerability in Redhat products
Summary
Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
Nessus
NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2015-2540.NASL
description:
Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.5 and fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.
It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library. (CVE-2015-7501)
Further information about the commons-collections flaw may be found at: https://access.redhat.com/solutions/2045023
It was found that JBoss EAP did not properly authorize a user performing a shut down. A remote user with the Monitor, Deployer, or Auditor role could use this flaw to shut down the EAP server, which is an action restricted to admin users. (CVE-2015-5304)
The CVE-2015-5304 issue was discovered by Ladislav Thon of Red Hat Middleware Quality Engineering.
This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.4, and includes bug fixes and enhancements. Documentation for these changes is available from the link in the References section.
All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 7 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 87837
published: 2016-01-11
reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/87837
title: RHEL 7 : JBoss EAP (RHSA-2015:2540)
code:

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2015:2540. The text
    # itself is copyright (C) Red Hat, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(87837);
      script_version("2.18");
      script_cvs_date("Date: 2019/10/24 15:35:40");

      script_cve_id("CVE-2015-5304", "CVE-2015-7501");
      script_xref(name:"RHSA", value:"2015:2540");

      script_name(english:"RHEL 7 : JBoss EAP (RHSA-2015:2540)");
      script_summary(english:"Checks the rpm output for the updated packages");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.5 and fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7.

    Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

    Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.

    It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library. (CVE-2015-7501)

    Further information about the commons-collections flaw may be found at: https://access.redhat.com/solutions/2045023

    It was found that JBoss EAP did not properly authorize a user performing a shut down. A remote user with the Monitor, Deployer, or Auditor role could use this flaw to shut down the EAP server, which is an action restricted to admin users. (CVE-2015-5304)

    The CVE-2015-5304 issue was discovered by Ladislav Thon of Red Hat Middleware Quality Engineering.

    This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.4, and includes bug fixes and enhancements. Documentation for these changes is available from the link in the References section.

    All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 7 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2015:2540"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-5304"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-7501"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-commons-collections-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hibernate4-core-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hibernate4-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hibernate4-entitymanager-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hibernate4-envers-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hibernate4-infinispan-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hornetq");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ironjacamar-common-api-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ironjacamar-common-impl-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ironjacamar-common-spi-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ironjacamar-core-api-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ironjacamar-core-impl-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ironjacamar-deployers-common-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ironjacamar-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ironjacamar-jdbc-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ironjacamar-spec-api-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ironjacamar-validator-eap6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-appclient");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-client-all");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-clustering");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-cmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-configadmin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-connector");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-console");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-controller");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-controller-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-core-security");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-deployment-repository");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-deployment-scanner");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-domain-http");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-domain-management");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-ee");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-ee-deployment");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-ejb3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-embedded");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-host-controller");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-jacorb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-jaxr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-jaxrs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-jdr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-jmx");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-jpa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-jsf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-jsr77");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-logging");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-mail");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-management-client-content");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-messaging");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-modcluster");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-naming");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-network");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi-configadmin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi-service");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-picketlink");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-platform-mbean");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-pojo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-process-controller");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-protocol");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-remoting");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-sar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-security");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-system-jmx");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-threads");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-transactions");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-version");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-web");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-webservices");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-weld");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-xts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-ejb-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-hal");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-jsf-api_2.1_spec");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-remoting3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-security-negotiation");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-xnio-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas-appclient");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas-bundles");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas-domain");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas-javadocs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas-modules-eap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas-product-eap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas-standalone");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas-welcome-content-eap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossweb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:picketbox");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");

      script_set_attribute(attribute:"vuln_publication_date", value:"2015/12/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/12/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/01/11");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);

    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo))
    {
      rhsa = "RHSA-2015:2540";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port     : 0,
          severity : SECURITY_HOLE,
          extra    : yum_report
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;

      if (! (rpm_exists(release:"RHEL7", rpm:"jbossas-welcome-content-eap"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "JBoss EAP");

      if (rpm_check(release:"RHEL7", reference:"apache-commons-collections-eap6-3.2.1-18.redhat_7.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"hibernate4-core-eap6-4.2.21-1.Final_redhat_1.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"hibernate4-eap6-4.2.21-1.Final_redhat_1.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"hibernate4-entitymanager-eap6-4.2.21-1.Final_redhat_1.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"hibernate4-envers-eap6-4.2.21-1.Final_redhat_1.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"hibernate4-infinispan-eap6-4.2.21-1.Final_redhat_1.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"hornetq-2.3.25-7.SP6_redhat_1.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"ironjacamar-common-api-eap6-1.0.34-1.Final_redhat_1.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"ironjacamar-common-impl-eap6-1.0.34-1.Final_redhat_1.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"ironjacamar-common-spi-eap6-1.0.34-1.Final_redhat_1.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"ironjacamar-core-api-eap6-1.0.34-1.Final_redhat_1.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"ironjacamar-core-impl-eap6-1.0.34-1.Final_redhat_1.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"ironjacamar-deployers-common-eap6-1.0.34-1.Final_redhat_1.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"ironjacamar-eap6-1.0.34-1.Final_redhat_1.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"ironjacamar-jdbc-eap6-1.0.34-1.Final_redhat_1.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"ironjacamar-spec-api-eap6-1.0.34-1.Final_redhat_1.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"ironjacamar-validator-eap6-1.0.34-1.Final_redhat_1.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-appclient-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-cli-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-client-all-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-clustering-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-cmp-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-configadmin-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-connector-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-console-2.5.11-1.Final_redhat_1.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-controller-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-controller-client-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-core-security-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-deployment-repository-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-deployment-scanner-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-domain-http-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-domain-management-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-ee-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-ee-deployment-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-ejb3-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-embedded-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-host-controller-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-jacorb-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-jaxr-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-jaxrs-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-jdr-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-jmx-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-jpa-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-jsf-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-jsr77-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-logging-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-mail-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-management-client-content-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-messaging-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-modcluster-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-naming-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-network-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-osgi-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-osgi-configadmin-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-osgi-service-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-picketlink-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-platform-mbean-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-pojo-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-process-controller-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-protocol-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-remoting-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-sar-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-security-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-server-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-system-jmx-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-threads-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-transactions-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-version-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-web-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-webservices-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-weld-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-as-xts-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-ejb-client-1.0.32-1.Final_redhat_1.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-hal-2.5.11-1.Final_redhat_1.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-jsf-api_2.1_spec-2.1.28-5.SP1_redhat_1.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-remoting3-3.3.6-1.Final_redhat_1.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-security-negotiation-2.3.10-1.Final_redhat_1.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jboss-xnio-base-3.0.15-1.GA_redhat_1.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jbossas-appclient-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jbossas-bundles-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jbossas-core-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jbossas-domain-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jbossas-javadocs-7.5.5-3.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jbossas-modules-eap-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jbossas-product-eap-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jbossas-standalone-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jbossas-welcome-content-eap-7.5.5-2.Final_redhat_3.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"jbossweb-7.5.12-1.Final_redhat_1.1.ep6.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"picketbox-4.1.2-1.Final_redhat_1.1.ep6.el7")) flag++;

      if (flag)
      {
        security_report_v4(
          port     : 0,
          severity : SECURITY_HOLE,
          extra    : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache-commons-collections-eap6 / hibernate4-core-eap6 / etc");
      }
    }

NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2015-2522.NASL
description:
From Red Hat Security Advisory 2015:2522 :
Updated apache-commons-collections packages that fix one security issue are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
The Apache Commons Collections library provides new interfaces, implementations, and utilities to extend the features of the Java Collections Framework.
It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library. (CVE-2015-7501)
With this update, deserialization of certain classes in the commons-collections library is no longer allowed. Applications that require those classes to be deserialized can use the system property
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 87119
published: 2015-12-01
reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/87119
title: Oracle Linux 7 : apache-commons-collections (ELSA-2015-2522)
code:

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2015:2522 and
    # Oracle Linux Security Advisory ELSA-2015-2522 respectively.
    #

    include("compat.inc");

    if (description)
    {
      script_id(87119);
      script_version("2.14");
      script_cvs_date("Date: 2019/09/27 13:00:36");

      script_cve_id("CVE-2015-7501");
      script_xref(name:"RHSA", value:"2015:2522");

      script_name(english:"Oracle Linux 7 : apache-commons-collections (ELSA-2015-2522)");
      script_summary(english:"Checks rpm output for the updated packages");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "From Red Hat Security Advisory 2015:2522 :

    Updated apache-commons-collections packages that fix one security issue are now available for Red Hat Enterprise Linux 7.

    Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

    The Apache Commons Collections library provides new interfaces, implementations, and utilities to extend the features of the Java Collections Framework.

    It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library. (CVE-2015-7501)

    With this update, deserialization of certain classes in the commons-collections library is no longer allowed. Applications that require those classes to be deserialized can use the system property 'org.apache.commons.collections.enableUnsafeSerialization' to re-enable their deserialization.

    Further information about this security flaw may be found at: https://access.redhat.com/solutions/2045023

    All users of apache-commons-collections are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using the commons-collections library must be restarted for the update to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2015-November/005594.html"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected apache-commons-collections packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:apache-commons-collections");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:apache-commons-collections-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:apache-commons-collections-testframework");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:apache-commons-collections-testframework-javadoc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");

      script_set_attribute(attribute:"vuln_publication_date", value:"2017/11/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/11/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/12/01");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 7", "Oracle Linux " + os_ver);

    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);

    flag = 0;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"apache-commons-collections-3.2.1-22.el7_2")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"apache-commons-collections-javadoc-3.2.1-22.el7_2")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"apache-commons-collections-testframework-3.2.1-22.el7_2")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"apache-commons-collections-testframework-javadoc-3.2.1-22.el7_2")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache-commons-collections / apache-commons-collections-javadoc / etc");
    }
NASL family Amazon Linux Local Security Checks
NASL id ALA_ALAS-2015-618.NASL
description It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.
last seen 2020-06-01
modified 2020-06-02
plugin id 87344
published 2015-12-15
reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/87344
title Amazon Linux AMI : apache-commons-collections (ALAS-2015-618)
code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2015-618.
#

include("compat.inc");

if (description)
{
  script_id(87344);
  script_version("2.12");
  script_cvs_date("Date: 2018/04/18 15:09:35");

  script_cve_id("CVE-2015-7501");
  script_xref(name:"ALAS", value:"2015-618");

  script_name(english:"Amazon Linux AMI : apache-commons-collections (ALAS-2015-618)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Amazon Linux AMI host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
      "It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://alas.aws.amazon.com/ALAS-2015-618.html"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Run 'yum update apache-commons-collections' to update your system."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:apache-commons-collections");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:apache-commons-collections-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:apache-commons-collections-testframework");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:apache-commons-collections-testframework-javadoc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2015/12/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/12/15");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");
  script_family(english:"Amazon Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;
if (rpm_check(release:"ALA", reference:"apache-commons-collections-3.2.1-11.9.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"apache-commons-collections-javadoc-3.2.1-11.9.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"apache-commons-collections-testframework-3.2.1-11.9.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"apache-commons-collections-testframework-javadoc-3.2.1-11.9.amzn1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache-commons-collections / apache-commons-collections-javadoc / etc");
}
NASL family CentOS Local Security Checks
NASL id CENTOS_RHSA-2015-2521.NASL
description Updated jakarta-commons-collections packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Jakarta/Apache Commons Collections library provides new interfaces, implementations, and utilities to extend the features of the Java Collections Framework. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library. (CVE-2015-7501) With this update, deserialization of certain classes in the commons-collections library is no longer allowed. Applications that require those classes to be deserialized can use the system property
last seen 2020-06-01
modified 2020-06-02
plugin id 87174
published 2015-12-03
reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/87174
title CentOS 6 : jakarta-commons-collections (CESA-2015:2521)
code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2015:2521 and
# CentOS Errata and Security Advisory 2015:2521 respectively.
#

include("compat.inc");

if (description)
{
  script_id(87174);
  script_version("2.15");
  script_cvs_date("Date: 2020/01/02");

  script_cve_id("CVE-2015-7501");
  script_xref(name:"RHSA", value:"2015:2521");

  script_name(english:"CentOS 6 : jakarta-commons-collections (CESA-2015:2521)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote CentOS host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
      "Updated jakarta-commons-collections packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Jakarta/Apache Commons Collections library provides new interfaces, implementations, and utilities to extend the features of the Java Collections Framework. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library. (CVE-2015-7501) With this update, deserialization of certain classes in the commons-collections library is no longer allowed. Applications that require those classes to be deserialized can use the system property 'org.apache.commons.collections.enableUnsafeSerialization' to re-enable their deserialization. Further information about this security flaw may be found at: https://access.redhat.com/solutions/2045023 All users of jakarta-commons-collections are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using the commons-collections library must be restarted for the update to take effect."
  );
  # https://lists.centos.org/pipermail/centos-announce/2015-December/021512.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?cd1e83b8"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected jakarta-commons-collections packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-7501");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:jakarta-commons-collections");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:jakarta-commons-collections-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:jakarta-commons-collections-testframework");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:jakarta-commons-collections-testframework-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:jakarta-commons-collections-tomcat5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/11/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/12/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/12/03");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"CentOS Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 6.x", "CentOS " + os_ver);

if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);

flag = 0;
if (rpm_check(release:"CentOS-6", reference:"jakarta-commons-collections-3.2.1-3.5.el6_7")) flag++;
if (rpm_check(release:"CentOS-6", reference:"jakarta-commons-collections-javadoc-3.2.1-3.5.el6_7")) flag++;
if (rpm_check(release:"CentOS-6", reference:"jakarta-commons-collections-testframework-3.2.1-3.5.el6_7")) flag++;
if (rpm_check(release:"CentOS-6", reference:"jakarta-commons-collections-testframework-javadoc-3.2.1-3.5.el6_7")) flag++;
if (rpm_check(release:"CentOS-6", reference:"jakarta-commons-collections-tomcat5-3.2.1-3.5.el6_7")) flag++;

if (flag)
{
  security_report_v4(
    port : 0,
    severity : SECURITY_HOLE,
    extra : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "jakarta-commons-collections / jakarta-commons-collections-javadoc / etc");
}
NASL family Red Hat Local Security Checks
NASL id REDHAT-RHSA-2015-2671.NASL
description Updated jakarta-commons-collections packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Jakarta/Apache Commons Collections library provides new interfaces, implementations, and utilities to extend the features of the Java Collections Framework. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library. (CVE-2015-7501) With this update, deserialization of certain classes in the commons-collections library is no longer allowed. Applications that require those classes to be deserialized can use the system property
last seen 2020-06-01
modified 2020-06-02
plugin id 87519
published 2015-12-21
reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/87519
title RHEL 5 : jakarta-commons-collections (RHSA-2015:2671)
code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2015:2671. The text
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(87519);
  script_version("2.18");
  script_cvs_date("Date: 2019/10/24 15:35:40");

  script_cve_id("CVE-2015-7501");
  script_xref(name:"RHSA", value:"2015:2671");

  script_name(english:"RHEL 5 : jakarta-commons-collections (RHSA-2015:2671)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
      "Updated jakarta-commons-collections packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Jakarta/Apache Commons Collections library provides new interfaces, implementations, and utilities to extend the features of the Java Collections Framework. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library. (CVE-2015-7501) With this update, deserialization of certain classes in the commons-collections library is no longer allowed. Applications that require those classes to be deserialized can use the system property 'org.apache.commons.collections.enableUnsafeSerialization' to re-enable their deserialization. Further information about this security flaw may be found at: https://access.redhat.com/solutions/2045023 All users of jakarta-commons-collections are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using the commons-collections library must be restarted for the update to take effect."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/solutions/2045023"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2015:2671"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2015-7501"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jakarta-commons-collections");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jakarta-commons-collections-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jakarta-commons-collections-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jakarta-commons-collections-testframework");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jakarta-commons-collections-testframework-javadoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jakarta-commons-collections-tomcat5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");

  script_set_attribute(attribute:"patch_publication_date", value:"2015/12/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/12/21");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = eregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! ereg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
  rhsa = "RHSA-2015:2671";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port : 0,
      severity : SECURITY_HOLE,
      extra : yum_report
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"jakarta-commons-collections-3.2-2jpp.4")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"jakarta-commons-collections-3.2-2jpp.4")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"jakarta-commons-collections-3.2-2jpp.4")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"jakarta-commons-collections-debuginfo-3.2-2jpp.4")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"jakarta-commons-collections-debuginfo-3.2-2jpp.4")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"jakarta-commons-collections-debuginfo-3.2-2jpp.4")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"jakarta-commons-collections-javadoc-3.2-2jpp.4")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"jakarta-commons-collections-javadoc-3.2-2jpp.4")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"jakarta-commons-collections-javadoc-3.2-2jpp.4")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"jakarta-commons-collections-testframework-3.2-2jpp.4")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"jakarta-commons-collections-testframework-3.2-2jpp.4")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"jakarta-commons-collections-testframework-3.2-2jpp.4")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"jakarta-commons-collections-testframework-javadoc-3.2-2jpp.4")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"jakarta-commons-collections-testframework-javadoc-3.2-2jpp.4")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"jakarta-commons-collections-testframework-javadoc-3.2-2jpp.4")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"jakarta-commons-collections-tomcat5-3.2-2jpp.4")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"jakarta-commons-collections-tomcat5-3.2-2jpp.4")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"jakarta-commons-collections-tomcat5-3.2-2jpp.4")) flag++;

  if (flag)
  {
    security_report_v4(
      port : 0,
      severity : SECURITY_HOLE,
      extra : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "jakarta-commons-collections / jakarta-commons-collections-debuginfo / etc");
  }
}
NASL family CGI abuses
NASL id MYSQL_ENTERPRISE_MONITOR_3_1_6_7959.NASL
description According to its self-reported version, the MySQL Enterprise Monitor application running on the remote host is 3.1.x prior to 3.1.6.7959. It is, therefore, affected by a remote code execution vulnerability in the JMXInvokerServlet interface due to improper validation of Java objects before deserialization. An authenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2015-7501)
last seen 2020-06-01
modified 2020-06-02
plugin id 96768
published 2017-01-25
reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/96768
title MySQL Enterprise Monitor 3.1.x < 3.1.6.7959 Java Object Deserialization RCE (January 2017 CPU)
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(96768);
  script_version("1.6");
  script_cvs_date("Date: 2019/11/13");

  script_cve_id("CVE-2015-7501");
  script_bugtraq_id(78215);
  script_xref(name:"CERT", value:"576313");

  script_name(english:"MySQL Enterprise Monitor 3.1.x < 3.1.6.7959 Java Object Deserialization RCE (January 2017 CPU)");
  script_summary(english:"Checks the version of MySQL Enterprise Monitor.");

  script_set_attribute(attribute:"synopsis", value:
"A web application running on the remote host is affected by a remote code execution vulnerability.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, the MySQL Enterprise Monitor application running on the remote host is 3.1.x prior to 3.1.6.7959. It is, therefore, affected by a remote code execution vulnerability in the JMXInvokerServlet interface due to improper validation of Java objects before deserialization. An authenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2015-7501)");
  # https://dev.mysql.com/doc/relnotes/mysql-monitor/3.1/en/news-3-1-6.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0752b1b7");
  # http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixMSQL
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a1c38e52");
  # https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9c6d83db");
  script_set_attribute(attribute:"solution", value:
"Upgrade to MySQL Enterprise Monitor version 3.1.6.7959 or later as referenced in the January 2017 Oracle Critical Patch Update advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:U/RC:ND");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:U/RC:X");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-7501");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');
  script_set_attribute(attribute:"in_the_news", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/01/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/01/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/25");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:mysql_enterprise_monitor");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("mysql_enterprise_monitor_web_detect.nasl");
  script_require_keys("installed_sw/MySQL Enterprise Monitor", "Settings/ParanoidReport");
  script_require_ports("Services/www", 18443);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("install_func.inc");

if (report_paranoia < 2) audit(AUDIT_PARANOID);

app = "MySQL Enterprise Monitor";
get_install_count(app_name:app, exit_if_zero:TRUE);

port = get_http_port(default:18443);

install = get_single_install(app_name:app, port:port, exit_if_unknown_ver:TRUE);
version = install['version'];
install_url = build_url(port:port, qs:"/");

fix = "3.1.6.7959";
vuln = FALSE;
if (version =~ "^3\.1($|[^0-9])" && ver_compare(ver:version, fix:fix, strict:FALSE) < 0)
  vuln = TRUE;

if (vuln)
{
  report =
    '\n URL : ' + install_url +
    '\n Installed version : ' + version +
    '\n Fixed version : ' + fix +
    '\n';
  security_report_v4(port:port, severity:SECURITY_HOLE, extra:report);
}
else audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, version);
NASL family Junos Local Security Checks
NASL id JUNIPER_SPACE_JSA_10838.NASL
description According to its self-reported version number, the remote Junos Space version is prior to 17.2R1. It is, therefore, affected by multiple vulnerabilities.
last seen 2020-06-01
modified 2020-06-02
plugin id 108520
published 2018-03-21
reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/108520
title Juniper Junos Space < 17.2R1 Multiple Vulnerabilities (JSA10838)
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(108520);
  script_version("1.7");
  script_cvs_date("Date: 2019/06/11 15:17:50");

  script_cve_id(
    "CVE-2015-5174",
    "CVE-2015-5188",
    "CVE-2015-5220",
    "CVE-2015-5304",
    "CVE-2015-7236",
    "CVE-2015-7501",
    "CVE-2016-2141",
    "CVE-2016-8743",
    "CVE-2017-1000111",
    "CVE-2017-1000112",
    "CVE-2017-12172",
    "CVE-2017-14106",
    "CVE-2017-15098",
    "CVE-2017-3167",
    "CVE-2017-3169",
    "CVE-2017-5645",
    "CVE-2017-5664",
    "CVE-2017-7668",
    "CVE-2017-7679",
    "CVE-2017-9788",
    "CVE-2017-9798",
    "CVE-2018-0011",
    "CVE-2018-0012",
    "CVE-2018-0013"
  );
  script_bugtraq_id(
    57974,
    76771,
    77345,
    78215,
    79788,
    83329,
    91481,
    95077,
    97702,
    98888,
    99134,
    99135,
    99137,
    99170,
    99569,
    100262,
    100267,
    100872,
    100878,
    101781,
    101949
  );

  script_name(english:"Juniper Junos Space < 17.2R1 Multiple Vulnerabilities (JSA10838)");
  script_summary(english:"Checks the version.");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the remote Junos Space version is prior to 17.2R1. It is, therefore, affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10838");
  script_set_attribute(attribute:"solution", value:"Upgrade to Junos Space 17.2R1 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/10/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/01/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/21");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:juniper:junos_space");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Junos Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/Junos_Space/version");

  exit(0);
}

include("junos.inc");
include("misc_func.inc");

ver = get_kb_item_or_exit('Host/Junos_Space/version');

check_junos_space(ver:ver, fix:'17.2R1', severity:SECURITY_HOLE);
NASL family Misc.
NASL id ORACLE_BI_PUBLISHER_APR_2018_CPU.NASL
description The version of Oracle Business Intelligence Publisher running on the remote host is 11.1.1.7.x prior to 11.1.1.7.180417 or 11.1.1.9.x prior to 11.1.1.9.180417, similarly, versions 12.2.1.2.x prior to 12.2.1.2.180116 and 12.2.1.3.x prior to 12.2.1.3.180116 are affected as noted in the April 2018 Critical Patch Update advisory. The Oracle Business Intelligence Publisher installed on the remote host is affected by multiple vulnerabilities:
  - A vulnerability can be exploited by a remote attacker by sending a crafted serialized Java object. A successful attack would allow the attacker to execute arbitrary commands on the vulnerable server (CVE-2015-7501).
  - A vulnerability exists on Apache Batik before 1.9. The vulnerability would allow an attacker to send a malicious SVG file to a user. An attacker who successfully exploits this vulnerability could result in the compromise of the server (CVE-2017-5662).
  Note that Nessus has not tested for these issues but has instead relied only on the application
last seen 2020-05-31
modified 2018-12-28
plugin id 119939
published 2018-12-28
reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/119939
title Oracle Business Intelligence Publisher Multiple Vulnerabilities (April 2018 CPU)

NASL family Web Servers
NASL id JBOSS_JAVA_SERIALIZE.NASL
description The remote JBoss server is affected by multiple remote code execution vulnerabilities:
  - A flaw exists due to the JMXInvokerHAServlet and EJBInvokerHAServlet invoker servlets not properly restricting access to profiles. A remote attacker can exploit this issue to bypass authentication and invoke MBean methods, allowing arbitrary code to be executed in the context of the user running the server. (CVE-2012-0874)
  - The remote host is affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections (ACC) library. An unauthenticated, remote attacker can exploit this, by sending a crafted RMI request, to execute arbitrary code on the target host. (CVE-2015-7501)
last seen 2020-06-01
modified 2020-06-02
plugin id 87312
published 2015-12-10
reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/87312
title JBoss Java Object Deserialization RCE

NASL family Windows
NASL id ORACLE_WEBCENTER_SITES_APR_2017_CPU.NASL
description Oracle WebCenter Sites component of Oracle Fusion Middleware is vulnerable to multiple vulnerabilities.
  - A remote code execution in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Install (Apache Common Collections)). An unauthenticated, remote attacker can exploit this, via a crafted serialized Java object, to bypass authentication and execute arbitrary commands. (CVE-2015-7501)
  - An unspecified vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Server). An unauthenticated, remote attacker can exploit this, via HTTP, to obtain access to critical data or complete access to all Oracle WebCenter Sites accessible data as well as unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebCenter Sites. (CVE-2017-3542)
  - A remote code execution in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Third Party Tools (Struts 2)) due to incorrect exception handling and error-message generation during file-upload attempts. An unauthenticated, remote attacker can exploit this, via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, to bypass authentication and execute arbitrary commands. (CVE-2017-5638)
  In addition, Oracle WebCenter Sites is also affected by several additional vulnerabilities including code execution, denial of service, information disclosure, and other unspecified vulnerabilities. Note that Nessus has not attempted to exploit these issues but has instead relied only on the application
last seen 2020-06-05
modified 2020-06-01
plugin id 136998
published 2020-06-01
reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/136998
title Oracle WebCenter Sites Multiple Vulnerabilities (April 2017 CPU)

NASL family Misc.
NASL id ORACLE_WEBLOGIC_SERVER_CPU_OCT_2016.NASL
description The version of Oracle WebLogic Server installed on the remote host is affected by multiple vulnerabilities:
  - A remote code execution vulnerability exists in the JMXInvokerServlet interface due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections (ACC) library. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2015-7501)
  - An unspecified flaw exists in the Java Server Faces subcomponent that allows an authenticated, remote attacker to execute arbitrary code. (CVE-2016-3505)
  - An unspecified flaw exists in the Web Container subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2016-5488)
  - An unspecified flaw exists in the WLS-WebServices subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-5531)
  - An unspecified flaw that allows an unauthenticated, remote attacker to execute arbitrary code. No other details are available. (CVE-2016-5535)
  - An unspecified flaw exists in the CIE Related subcomponent that allows a local attacker to impact confidentiality and integrity. (CVE-2016-5601)
last seen 2020-06-01
modified 2020-06-02
plugin id 94290
published 2016-10-26
reporter This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/94290
title Oracle WebLogic Server Multiple Vulnerabilities (October 2016 CPU)

NASL family Red Hat Local Security Checks
NASL id REDHAT-RHSA-2015-2522.NASL
description Updated apache-commons-collections packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Apache Commons Collections library provides new interfaces, implementations, and utilities to extend the features of the Java Collections Framework. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library. (CVE-2015-7501) With this update, deserialization of certain classes in the commons-collections library is no longer allowed. Applications that require those classes to be deserialized can use the system property
last seen 2020-06-01
modified 2020-06-02
plugin id 87179
published 2015-12-03
reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/87179
title RHEL 7 : apache-commons-collections (RHSA-2015:2522)

NASL family CentOS Local Security Checks
NASL id CENTOS_RHSA-2015-2671.NASL
description Updated jakarta-commons-collections packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Jakarta/Apache Commons Collections library provides new interfaces, implementations, and utilities to extend the features of the Java Collections Framework. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library. (CVE-2015-7501) With this update, deserialization of certain classes in the commons-collections library is no longer allowed. Applications that require those classes to be deserialized can use the system property
last seen 2020-06-01
modified 2020-06-02
plugin id 87540
published 2015-12-22
reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/87540
title CentOS 5 : jakarta-commons-collections (CESA-2015:2671)

NASL family Scientific Linux Local Security Checks
NASL id SL_20151130_APACHE_COMMONS_COLLECTIONS_ON_SL7_X.NASL
description It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library. (CVE-2015-7501) With this update, deserialization of certain classes in the commons-collections library is no longer allowed. Applications that require those classes to be deserialized can use the system property
last seen 2020-03-18
modified 2015-12-01
plugin id 87120
published 2015-12-01
reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/87120
title Scientific Linux Security Update : apache-commons-collections on SL7.x (noarch) (20151130)

NASL family Red Hat Local Security Checks
NASL id REDHAT-RHSA-2015-2538.NASL
description Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.5 and fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library. (CVE-2015-7501) Further information about the commons-collections flaw may be found at: https://access.redhat.com/solutions/2045023 It was found that JBoss EAP did not properly authorize a user performing a shut down. A remote user with the Monitor, Deployer, or Auditor role could use this flaw to shut down the EAP server, which is an action restricted to admin users. (CVE-2015-5304) The CVE-2015-5304 issue was discovered by Ladislav Thon of Red Hat Middleware Quality Engineering. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.4, and includes bug fixes and enhancements. Documentation for these changes is available from the link in the References section. All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 5 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.
last seen 2020-06-01
modified 2020-06-02
plugin id 87192
published 2015-12-04
reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/87192
title RHEL 5 : JBoss EAP (RHSA-2015:2538)

NASL family Red Hat Local Security Checks
NASL id REDHAT-RHSA-2016-1773.NASL
description An update is now available for Red Hat OpenShift Enterprise 2.2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenShift Enterprise by Red Hat is the company
last seen 2020-06-01
modified 2020-06-02
plugin id 119378
published 2018-12-04
reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/119378
title RHEL 6 : Red Hat OpenShift Enterprise 2.2.10 (RHSA-2016:1773)

NASL family Misc.
NASL id ORACLE_IDENTITY_MANAGEMENT_CPU_JAN_2018.NASL
description The remote host is missing the January 2018 Critical Patch Update for Oracle Identity Manager. It is, therefore, affected by multiple vulnerabilities as described in the January 2018 critical patch update advisory.
last seen 2020-06-01
modified 2020-06-02
plugin id 106140
published 2018-01-18
reporter This script is Copyright (C) 2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/106140
title Oracle Identity Manager Multiple Vulnerabilities (January 2018 CPU)

NASL family Misc.
NASL id ORACLE_OATS_CPU_APR_2016.NASL
description The version of Oracle Application Testing Suite installed on the remote host is affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections (ACC) library. An unauthenticated, remote attacker can exploit this, by sending a crafted SOAP request, to execute arbitrary code on the target host.
last seen 2020-06-01
modified 2020-06-02
plugin id 90859
published 2016-05-03
reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/90859
title Oracle Application Testing Suite Java Object Deserialization RCE (April 2016 CPU)

NASL family CGI abuses
NASL id MYSQL_ENTERPRISE_MONITOR_3_2_2_1075.NASL
description According to its self-reported version, the MySQL Enterprise Monitor application running on the remote host is 3.2.x prior to 3.2.2.1075. It is, therefore, affected by multiple vulnerabilities:
  - An information disclosure vulnerability exists in the bundled version of Apache Tomcat in the Manager and Host Manager web applications due to a flaw in the index page when issuing redirects in response to unauthenticated requests for the root directory of the application. An authenticated, remote attacker can exploit this to gain access to the XSRF token information stored in the index page. (CVE-2015-5351)
  - A remote code execution vulnerability exists in the JMXInvokerServlet interface due to improper validation of Java objects before deserialization. An authenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2015-7501)
  - A remote code execution vulnerability exists in the Framework subcomponent that allows an authenticated, remote attacker to execute arbitrary code. (CVE-2016-0635)
  - An information disclosure vulnerability exists in the bundled version of Apache Tomcat that allows a specially crafted web application to load the StatusManagerServlet. An authenticated, remote attacker can exploit this to gain unauthorized access to a list of all deployed applications and a list of the HTTP request lines for all requests currently being processed. (CVE-2016-0706)
  - A remote code execution vulnerability exists in the bundled version of Apache Tomcat due to a flaw in the StandardManager, PersistentManager, and cluster implementations that is triggered when handling persistent sessions. An authenticated, remote attacker can exploit this, via a crafted object in a session, to bypass the security manager and execute arbitrary code. (CVE-2016-0714)
  - A security bypass vulnerability exists in the bundled version of Apache Tomcat due to a failure to consider whether ResourceLinkFactory.setGlobalContext callers are authorized. An authenticated, remote attacker can exploit this, via a web application that sets a crafted global context, to bypass intended SecurityManager restrictions and read or write to arbitrary application data or cause a denial of service condition. (CVE-2016-0763)
last seen 2020-06-01
modified 2020-06-02
plugin id 96769
published 2017-01-25
reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/96769
title MySQL Enterprise Monitor 3.2.x < 3.2.2.1075 Multiple Vulnerabilities (January 2017 CPU)

NASL family Oracle Linux Local Security Checks
NASL id ORACLELINUX_ELSA-2015-2671.NASL
description From Red Hat Security Advisory 2015:2671 : Updated jakarta-commons-collections packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Jakarta/Apache Commons Collections library provides new interfaces, implementations, and utilities to extend the features of the Java Collections Framework. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library. (CVE-2015-7501) With this update, deserialization of certain classes in the commons-collections library is no longer allowed. Applications that require those classes to be deserialized can use the system property
last seen 2020-06-01
modified 2020-06-02
plugin id 87547
published 2015-12-22
reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/87547
title Oracle Linux 5 : jakarta-commons-collections (ELSA-2015-2671)

NASL family Red Hat Local Security Checks
NASL id REDHAT-RHSA-2015-2539.NASL
description Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.5 and fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library. (CVE-2015-7501) Further information about the commons-collections flaw may be found at: https://access.redhat.com/solutions/2045023 It was found that JBoss EAP did not properly authorize a user performing a shut down. A remote user with the Monitor, Deployer, or Auditor role could use this flaw to shut down the EAP server, which is an action restricted to admin users. (CVE-2015-5304) The CVE-2015-5304 issue was discovered by Ladislav Thon of Red Hat Middleware Quality Engineering. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.4, and includes bug fixes and enhancements. Documentation for these changes is available from the link in the References section. All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 6 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.
last seen 2020-06-01
modified 2020-06-02
plugin id 87193
published 2015-12-04
reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/87193
title RHEL 6 : JBoss EAP (RHSA-2015:2539)

NASL family Red Hat Local Security Checks
NASL id REDHAT-RHSA-2015-2542.NASL
description Updated jboss-ec2-eap packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat JBoss Enterprise Application Platform 6.4.4 on Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library. (CVE-2015-7501) Further information about the commons-collections flaw may be found at: https://access.redhat.com/solutions/2045023 It was found that JBoss EAP did not properly authorize a user performing a shut down. A remote user with the Monitor, Deployer, or Auditor role could use this flaw to shut down the EAP server, which is an action restricted to admin users. (CVE-2015-5304) The CVE-2015-5304 issue was discovered by Ladislav Thon of Red Hat Middleware Quality Engineering. The jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services (AWS) Elastic Compute Cloud (EC2). With this update, the packages have been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 6.4.5. Documentation for these changes is available from the link in the References section. All jboss-ec2-eap users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 6 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.
last seen 2020-06-01
modified 2020-06-02
plugin id 87194
published 2015-12-04
reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/87194
title RHEL 6 : JBoss EAP (RHSA-2015:2542)

NASL family Red Hat Local Security Checks
NASL id REDHAT-RHSA-2015-2536.NASL
description Updated packages that fix one security issue for the Apache commons-collections library for Red Hat JBoss Enterprise Application Platform 6.3 are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library. (CVE-2015-7501) Further information about this security flaw may be found at: https://access.redhat.com/solutions/2045023 All users of Red Hat JBoss Enterprise Application Platform 6.3 on Red Hat Enterprise Linux 6 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.
last seen 2020-06-01
modified 2020-06-02
plugin id 87191
published 2015-12-04
reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/87191
title RHEL 5 / 6 / 7 : JBoss EAP (RHSA-2015:2536)

NASL family Red Hat Local Security Checks
NASL id REDHAT-RHSA-2015-2521.NASL
description Updated jakarta-commons-collections packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Jakarta/Apache Commons Collections library provides new interfaces, implementations, and utilities to extend the features of the Java Collections Framework. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library. (CVE-2015-7501) With this update, deserialization of certain classes in the commons-collections library is no longer allowed. Applications that require those classes to be deserialized can use the system property
last seen 2020-06-01
modified 2020-06-02
plugin id 87102
published 2015-11-30
reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/87102
title RHEL 6 : jakarta-commons-collections (RHSA-2015:2521)

NASL family Oracle Linux Local Security Checks
NASL id ORACLELINUX_ELSA-2015-2521.NASL
description From Red Hat Security Advisory 2015:2521 : Updated jakarta-commons-collections packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Jakarta/Apache Commons Collections library provides new interfaces, implementations, and utilities to extend the features of the Java Collections Framework. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library. (CVE-2015-7501) With this update, deserialization of certain classes in the commons-collections library is no longer allowed. Applications that require those classes to be deserialized can use the system property
last seen 2020-06-01
modified 2020-06-02
plugin id 87118
published 2015-12-01
reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/87118
title Oracle Linux 6 : jakarta-commons-collections (ELSA-2015-2521)

NASL family Web Servers
NASL id SUN_JAVA_WEB_SERVER_7_0_27.NASL
description According to its self-reported version, the Oracle iPlanet Web Server (formerly known as Sun Java System Web Server) running on the remote host is 7.0.x prior to 7.0.27 Patch 26834070. It is, therefore, affected by an unspecified vulnerability in the Network Security Services (NSS) library with unknown impact.
last seen 2020-06-01
modified 2020-06-02
plugin id 106349
published 2018-01-25
reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/106349
title Oracle iPlanet Web Server 7.0.x < 7.0.27 NSS Unspecified Vulnerability (January 2018 CPU)

NASL family Scientific Linux Local Security Checks
NASL id SL_20151130_JAKARTA_COMMONS_COLLECTIONS_ON_SL6_X.NASL
description It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library. (CVE-2015-7501) With this update, deserialization of certain classes in the commons-collections library is no longer allowed. Applications that require those classes to be deserialized can use the system property
last seen 2020-03-18
modified 2015-12-01
plugin id 87121
published 2015-12-01
reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/87121
title Scientific Linux Security Update : jakarta-commons-collections on SL6.x (noarch) (20151130)

NASL family Scientific Linux Local Security Checks
NASL id SL_20151221_JAKARTA_COMMONS_COLLECTIONS_ON_SL5_X.NASL
description It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library. (CVE-2015-7501) With this update, deserialization of certain classes in the commons-collections library is no longer allowed. Applications that require those classes to be deserialized can use the system property
last seen 2020-03-18
modified 2015-12-22
plugin id 87587
published 2015-12-22
reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/87587
title Scientific Linux Security Update : jakarta-commons-collections on SL5.x i386/x86_64 (20151221)

NASL family Web Servers
NASL id ORACLE_HTTP_SERVER_CPU_JAN_2018.NASL
description The version of Oracle HTTP Server installed on the remote host is affected by multiple vulnerabilities as noted in the January 2018 CPU advisory.
last seen 2020-03-18
modified 2018-01-24
plugin id 106299
published 2018-01-24
reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/106299
title Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (January 2018 CPU)

NASL family CentOS Local Security Checks
NASL id CENTOS_RHSA-2015-2522.NASL
description Updated apache-commons-collections packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Apache Commons Collections library provides new interfaces, implementations, and utilities to extend the features of the Java Collections Framework. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library. (CVE-2015-7501) With this update, deserialization of certain classes in the commons-collections library is no longer allowed. Applications that require those classes to be deserialized can use the system property
last seen 2020-06-01
modified 2020-06-02
plugin id 87161
published 2015-12-02
reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/87161
title CentOS 7 : apache-commons-collections (CESA-2015:2522)

NASL family Red Hat Local Security Checks
NASL id REDHAT-RHSA-2015-2500.NASL
description Updated packages for the Apache commons-collections library for Red Hat JBoss Enterprise Application Platform 6.4, which fix one security issue, are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library. (CVE-2015-7501) Further information about this security flaw may be found at: https://access.redhat.com/solutions/2045023 All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 5, 6, and 7 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.
last seen 2020-06-01
modified 2020-06-02
plugin id 87044
published 2015-11-24
reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/87044
title RHEL 5 / 6 / 7 : JBoss EAP (RHSA-2015:2500)

NASL family Red Hat Local Security Checks
NASL id REDHAT-RHSA-2015-2535.NASL
description Updated packages for the Apache commons-collections library for Red Hat JBoss Enterprise Application Platform 5.2, which fix one security issue, are now available for Red Hat Enterprise Linux 4, 5, and 6. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Red Hat JBoss Enterprise Application Platform 5 is a platform for Java applications based on JBoss Application Server 6. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library. (CVE-2015-7501) Further information about this security flaw may be found at: https://access.redhat.com/solutions/2045023 All users of Red Hat JBoss Enterprise Application Platform 5.2 on Red Hat Enterprise Linux 4, 5, and 6 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.
last seen 2020-06-01
modified 2020-06-02
plugin id 87190
published 2015-12-04
reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/87190
title RHEL 5 / 6 : JBoss EAP (RHSA-2015:2535)
Seebug
bulletinFamily | exploit |
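description | Vulnerability details: Red Hat JBoss Portal is an open-source, standards-compliant portal platform from Red Hat. The platform is used to build and lay out the web interface of a portal site, to publish and manage content, and to customize the user experience. A security vulnerability exists in Red Hat JBoss Portal 6.x. An attacker can exploit it to bypass security restrictions. Details: Updated packages for the Apache commons-collections library, which fix one security issue, are now available for Red Hat JBoss Portal 6.2.0 from the Red Hat Customer Portal. Red Hat JBoss Portal is the open source implementation of the Java EE suite of services and Portal services running on Red Hat JBoss Enterprise Application Platform. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library. (CVE-2015-7501) Further information about this security flaw may be found at: https://access.redhat.com/solutions/2045023 |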
id | SSV:89999 |
last seen | 2018-02-03 |
modified | 2015-12-04 |
published | 2015-12-04 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-89999 |
title | Red Hat JBoss Portal Security Bypass Vulnerability |
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1279330
- https://access.redhat.com/solutions/2045023
- https://access.redhat.com/security/vulnerabilities/2059393
- http://www.securitytracker.com/id/1037640
- http://www.securitytracker.com/id/1037053
- http://www.securitytracker.com/id/1037052
- http://www.securitytracker.com/id/1034097
- http://www.securityfocus.com/bid/78215
- https://rhn.redhat.com/errata/RHSA-2015-2536.html
- http://rhn.redhat.com/errata/RHSA-2016-1773.html
- http://rhn.redhat.com/errata/RHSA-2016-0040.html
- http://rhn.redhat.com/errata/RHSA-2015-2671.html
- http://rhn.redhat.com/errata/RHSA-2015-2670.html
- http://rhn.redhat.com/errata/RHSA-2015-2524.html
- http://rhn.redhat.com/errata/RHSA-2015-2522.html
- http://rhn.redhat.com/errata/RHSA-2015-2521.html
- http://rhn.redhat.com/errata/RHSA-2015-2517.html
- http://rhn.redhat.com/errata/RHSA-2015-2516.html
- http://rhn.redhat.com/errata/RHSA-2015-2514.html
- http://rhn.redhat.com/errata/RHSA-2015-2502.html
- http://rhn.redhat.com/errata/RHSA-2015-2501.html
- http://rhn.redhat.com/errata/RHSA-2015-2500.html
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://security.netapp.com/advisory/ntap-20240216-0010/