ALAS-2015-618

Related Vulnerabilities: CVE-2015-7501  


Amazon Linux AMI Security Advisory: ALAS-2015-618
Advisory Release Date: 2015-12-14 10:00 Pacific
Advisory Updated Date: 2015-12-13 14:19 Pacific
Severity: Important
References: CVE-2015-7501 

Issue Overview:

It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.


Affected Packages:

apache-commons-collections


Issue Correction:
Run yum update apache-commons-collections to update your system.

New Packages:
noarch:
    apache-commons-collections-testframework-javadoc-3.2.1-11.9.amzn1.noarch
    apache-commons-collections-3.2.1-11.9.amzn1.noarch
    apache-commons-collections-javadoc-3.2.1-11.9.amzn1.noarch
    apache-commons-collections-testframework-3.2.1-11.9.amzn1.noarch

src:
    apache-commons-collections-3.2.1-11.9.amzn1.src
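
To confirm that the correction has landed on a host, the following added example (not part of the original advisory) compares installed package builds against the fixed build 3.2.1-11.9.amzn1 listed under New Packages. It assumes input lines in the name-version-release.arch form printed by `rpm -qa`, and uses a simplified version comparison that ignores epochs and the `~` and `^` markers; the function names and sample lines are constructed for illustration.

```python
import re

# Fixed build taken from the advisory's "New Packages" list.
PACKAGE = "apache-commons-collections"
FIXED_VERSION, FIXED_RELEASE = "3.2.1", "11.9.amzn1"

def rpmvercmp(a, b):
    """Simplified rpm-style segment comparison (no epoch, '~' or '^' handling)."""
    seg_a = re.findall(r"\d+|[A-Za-z]+", a)
    seg_b = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            # A numeric segment is treated as newer than an alphabetic one.
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments are equal: the string with more segments is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))

def audit(nvra_lines):
    """Map each matching installed package to True if it is at or above the fixed build."""
    results = {}
    for line in nvra_lines:
        nvr, _, _arch = line.strip().rpartition(".")
        parts = nvr.rsplit("-", 2)  # package names may themselves contain '-'
        if len(parts) != 3 or not parts[0].startswith(PACKAGE):
            continue
        _name, version, release = parts
        cmp = rpmvercmp(version, FIXED_VERSION) or rpmvercmp(release, FIXED_RELEASE)
        results[line.strip()] = cmp >= 0
    return results

# Constructed sample of `rpm -qa` output; the -11.8 build and the bash line are made up.
SAMPLE = [
    "apache-commons-collections-3.2.1-11.8.amzn1.noarch",
    "apache-commons-collections-testframework-3.2.1-11.9.amzn1.noarch",
    "bash-4.2.46-34.43.amzn1.x86_64",
]

if __name__ == "__main__":
    for pkg, ok in audit(SAMPLE).items():
        print("fixed       " if ok else "needs update", pkg)
```

On a real host, feed `audit()` the lines of `rpm -qa` output; any package reported as needing an update is older than the build this advisory ships.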