[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

CESA-2015:2671 -- centos 5 jakarta-commons-collections

ID: oval:org.secpod.oval:def:203796Date: (C)2015-12-30   (M)2024-02-19
Class: PATCHFamily: unix




The Jakarta/Apache Commons Collections library provides new interfaces, implementations, and utilities to extend the features of the Java Collections Framework. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library. With this update, deserialization of certain classes in the commons-collections library is no longer allowed. Applications that require those classes to be deserialized can use the system property "org.apache.commons.collections.enableUnsafeSerialization" to re-enable their deserialization. Further information about this security flaw may be found at: https://access.redhat.com/solutions/2045023 All users of jakarta-commons-collections are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using the commons-collections library must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed : 1279330 - CVE-2015-7501 apache-commons-collections: InvokerTransformer code execution during deserialisation 6. Package List: Red Hat Enterprise Linux Desktop : Source: jakarta-commons-collections-3.2-2jpp.4.src.rpm i386: jakarta-commons-collections-debuginfo-3.2-2jpp.4.i386.rpm jakarta-commons-collections-tomcat5-3.2-2jpp.4.i386.rpm x86_64: jakarta-commons-collections-debuginfo-3.2-2jpp.4.x86_64.rpm jakarta-commons-collections-tomcat5-3.2-2jpp.4.x86_64.rpm Red Hat Enterprise Linux Desktop Workstation : Source: jakarta-commons-collections-3.2-2jpp.4.src.rpm i386: jakarta-commons-collections-3.2-2jpp.4.i386.rpm jakarta-commons-collections-debuginfo-3.2-2jpp.4.i386.rpm jakarta-commons-collections-javadoc-3.2-2jpp.4.i386.rpm jakarta-commons-collections-testframework-3.2-2jpp.4.i386.rpm jakarta-commons-collections-testframework-javadoc-3.2-2jpp.4.i386.rpm x86_64: jakarta-commons-collections-3.2-2jpp.4.x86_64.rpm jakarta-commons-collections-debuginfo-3.2-2jpp.4.x86_64.rpm jakarta-commons-collections-javadoc-3.2-2jpp.4.x86_64.rpm jakarta-commons-collections-testframework-3.2-2jpp.4.x86_64.rpm jakarta-commons-collections-testframework-javadoc-3.2-2jpp.4.x86_64.rpm Red Hat Enterprise Linux : Source: jakarta-commons-collections-3.2-2jpp.4.src*.

Platform:
CentOS 5
Product:
jakarta-commons-collections
Reference:
CESA-2015:2671
CVE-2015-7501
CVE    1
CVE-2015-7501
CPE    2
cpe:/o:centos:centos:5
cpe:/a:apache:jakarta-commons-collections

© SecPod Technologies