CVE-2015-6420

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2015-6420

CGA ID

CGA-r5h6-5gcc-8hm9

Severity

Unknown

Summary

Insecure Deserialization in Apache Commons Collection

Description

Serialized-object interfaces in Java applications using the Apache Commons Collections (ACC) library may allow remote attackers to execute arbitrary commands via a crafted serialized Java object.

References

https://images.chainguard.dev/security/CGA-r5h6-5gcc-8hm9
https://github.com/advisories/GHSA-6hgm-866r-3cjv
https://nvd.nist.gov/vuln/detail/CVE-2015-6420
https://arxiv.org/pdf/2306.05534
https://github.com/apache/commons-collections
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
https://lists.apache.org/thread.html/r352e40ca9874d1beb4ad95403792adca7eb295e6bc3bd7b65fabcc21@%3Ccommits.samza.apache.org%3E
https://www.kb.cert.org/vuls/id/581311
https://www.tenable.com/security/research/tra-2017-14
https://www.tenable.com/security/research/tra-2017-23
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-java-deserialization
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.securityfocus.com/bid/78872

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CVE-2015-6420

Severity

Summary

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources