Apache Commons Java Library Remote Code Execution Vulnerability
Last Update Date: 10 Nov 2015 11:36
Release Date: 10 Nov 2015
RISK: Extremely High Risk
TYPE: Clients - Productivity Products
A vulnerability was identified in Apache Commons Components. A remote user can execute arbitrary code on the target system.
Impact
- Remote Code Execution
System / Technologies affected
- Applications that deserialize untrusted Java objects may be affected.
- Applications that use other libraries (e.g., Groovy, Spring) may also be affected.
- Application servers (e.g., WebLogic, WebSphere, JBoss) may be affected.
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
- No official solution is currently available.
- A manual fix was proposed at http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/#thefix
Vulnerability Identifier
- No CVE information is available