CVE-2015-6420
Published 2015-12-15
Priority P2 · 72 · critical · 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS 18.76% (96.9th percentile)
Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Service Provider; Unified Computing; Voice and Unified Communications Devices; Video, Streaming, TelePresence, and Transcoding Devices; Wireless; and Cisco Hosted Services products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | commons_collections | — | — |
| apache | commons_collections | >= 3.0 < 3.2.2 | 3.2.2 |
| cisco | products | — | — |
Detection & IOCs (extracted from sources)
Source: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-java-deserialization
- Detect crafted serialized Java objects submitted to applications using the Apache Commons Collections (ACC) library: look for the Java serialization magic bytes (0xACED 0x0005) in network traffic destined for affected application endpoints.
- Flag applications that accept serialized Java objects from the network without input validation: the attack vector is unauthenticated remote submission of crafted serialized objects.
- Proof-of-concept exploit code targeting WebSphere Application Server, JBoss, Jenkins, OpenNMS, and WebLogic was publicly released on November 6, 2015 by Foxglove Security Group; monitor these platforms for exploitation attempts.
- Track Cisco bug IDs CSCux17638, CSCux18412, and CSCux21425 for affected Cisco product versions to prioritize patching and detection scope.
- Any application or application framework using the ACC library and deserializing arbitrary user-supplied Java serialized data is potentially vulnerable; this is not limited to Cisco products.
- No workarounds are available for this vulnerability; only software updates address it.
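As an added example that is not part of this record or of any vendor's advisory, the following Python script implements the first detection hint above on the wire-data side. It looks for the raw Java serialization stream header (0xACED 0x0005) and for its Base64-encoded form (every Base64-encoded Java stream begins with the prefix rO0AB) inside request bodies, and additionally flags a payload whose class descriptors name the org.apache.commons.collections package, since class names travel as plain UTF strings in the stream. The sample bodies, the descriptor builder, the Base64 regex and the verdict labels are constructed for this example and are not taken from any real capture.

```python
import base64
import binascii
import re
import struct

# Java serialization stream header: STREAM_MAGIC 0xACED followed by STREAM_VERSION 0x0005.
JAVA_SER_MAGIC = b"\xac\xed\x00\x05"
# Base64 of the same header; "rO0AB" is the prefix shared by every Base64-encoded stream.
JAVA_SER_MAGIC_B64 = base64.b64encode(JAVA_SER_MAGIC)[:5]  # b"rO0AB"
# Heuristic: class descriptors in the stream carry fully qualified class names as UTF
# strings, so an ACC package prefix inside a serialized payload is worth flagging.
ACC_CLASS_PREFIX = b"org.apache.commons.collections"
# Base64 run that starts with the stream-header prefix (pattern constructed for this example).
B64_BLOB_RE = re.compile(rb"rO0AB[A-Za-z0-9+/]*={0,2}")


def _decode_b64_blobs(payload: bytes):
    """Yield (offset, decoded_bytes) for Base64 runs that start with the header prefix."""
    for m in B64_BLOB_RE.finditer(payload):
        blob = m.group(0)
        blob += b"=" * (-len(blob) % 4)  # restore padding that a client may have stripped
        try:
            yield m.start(), base64.b64decode(blob, validate=True)
        except (binascii.Error, ValueError):
            continue  # prefix occurred mid-token and is not decodable Base64; skip it


def scan_body(payload: bytes) -> dict:
    """Inspect one request body and report Java serialization indicators."""
    result = {"raw_offsets": [], "b64_offsets": [], "acc_classes": False}
    for m in re.finditer(re.escape(JAVA_SER_MAGIC), payload):
        result["raw_offsets"].append(m.start())
    if result["raw_offsets"] and ACC_CLASS_PREFIX in payload:
        result["acc_classes"] = True
    for offset, decoded in _decode_b64_blobs(payload):
        if decoded.startswith(JAVA_SER_MAGIC):
            result["b64_offsets"].append(offset)
            if ACC_CLASS_PREFIX in decoded:
                result["acc_classes"] = True
    result["java_serialized"] = bool(result["raw_offsets"] or result["b64_offsets"])
    return result


def _class_desc(name: bytes) -> bytes:
    """Start of a class descriptor as it appears in a Java stream: TC_OBJECT 0x73,
    TC_CLASSDESC 0x72, then a length-prefixed UTF class name. Constructed test data."""
    return b"\x73\x72" + struct.pack(">H", len(name)) + name


# Constructed sample request bodies; none of these is a real capture.
SAMPLES = {
    "benign_json": b'{"user": "alice", "action": "login"}',
    "raw_stream": JAVA_SER_MAGIC
    + _class_desc(b"org.apache.commons.collections.Transformer")
    + b"\x00" * 8,
    "b64_form_field": b"data="
    + base64.b64encode(JAVA_SER_MAGIC + _class_desc(b"java.util.HashMap"))
    + b"&v=1",
}


def triage(samples: dict) -> dict:
    """Map each sample name to a one-word verdict a SOC queue could sort on."""
    verdicts = {}
    for name, body in samples.items():
        r = scan_body(body)
        if not r["java_serialized"]:
            verdicts[name] = "clean"
        elif r["acc_classes"]:
            verdicts[name] = "alert"   # serialized object naming ACC classes: review first
        else:
            verdicts[name] = "review"  # serialized object present; confirm the endpoint expects it
    return verdicts


if __name__ == "__main__":
    for name, verdict in triage(SAMPLES).items():
        print(f"{name:15s} {verdict}")
```

The Base64 branch only trusts a hit when the decoded bytes actually begin with the stream header, which keeps a stray "rO0AB" inside an unrelated token from raising an alert; the package-prefix check is a heuristic and should be paired with the application-side inventory the second bullet describes (which endpoints legitimately accept serialized objects at all).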
CVSS provenance
NVD v3.1: 9.8 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
NVD v2.0: 7.5 HIGH (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cisco: Vulnerability in Java Deserialization Affecting Cisco Products
Source vendor_cisco · 2015-12-10 · CVE-2015-6420 [HIGH] CWE-20
A vulnerability in the Java deserialization used by the Apache Commons Collections (ACC) library could allow an unauthenticated, remote attacker to execute arbitrary code.
The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by submitting crafted input to an application on a targeted system that uses the ACC library. After the vulnerable library on the affected system deserializes the content, the attacker could execute arbitrary code on the system, which could be used to conduct further attacks.
On November 6, 2015, Foxglove Security Group published information about a remote code execution vulnerability that affects multiple rel
OSV: Insecure Deserialization in Apache Commons Collection
Source osv · 2020-06-15 · CVE-2015-6420 [HIGH]
Serialized-object interfaces in Java applications using the Apache Commons Collections (ACC) library may allow remote attackers to execute arbitrary commands via a crafted serialized Java object.
GHSA: Insecure Deserialization in Apache Commons Collection
Source ghsa · 2020-06-15 · CVE-2015-6420 [HIGH] CWE-502
Serialized-object interfaces in Java applications using the Apache Commons Collections (ACC) library may allow remote attackers to execute arbitrary commands via a crafted serialized Java object.
No detection rules found.
No public exploits indexed.
arXiv: PPT4J: Patch Presence Test for Java Binaries
Source arxiv_fulltext · 2024-01-15
## Abstract
The number of vulnerabilities reported in open source software has increased substantially in recent years. Security patches provide the necessary measures to protect software from attacks and vulnerabilities. In practice, it is difficult to identify whether patches have been integrated into software, especially if we only have binary files. Therefore, the ability to test whether a patch is applied to the target binary, a.k.a. patch presence test, is crucial for practitioners. However, it is challenging to obtain accurate semantic information from patches, which could lead to incorrect results.
In this paper, we propose a new patch presence test framework named PPT4J. PPT4J is designed for open-source Java libraries. It takes Java binaries (i.e. bytecode files) as input, extracts sem
arXiv: A Non-Intrusive and Context-Based Vulnerability Scoring Framework for Cloud Services
Source arxiv_fulltext · 2016-12-07
Hao Zhuang, Florian Pydde (EPFL)
## Abstract
Understanding the severity of vulnerabilities within cloud services is particularly important for today's service administrators. Although many systems, such as CVSS, have been built to evaluate and score the severity of vulnerabilities for administrators, the scoring schemes employed by these systems fail to take into account the contextual information of specific services having these vulnerabilities, such as what roles they play in a particular service. Such a deficiency makes the resulting scores unhelpful. This paper presents a practical framework, , that offers an automatic and contextual scoring mechanism to evaluate the severity of vulnerabilities for a particu
References
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-java-deserialization
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.securityfocus.com/bid/78872
https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
https://lists.apache.org/thread.html/r352e40ca9874d1beb4ad95403792adca7eb295e6bc3bd7b65fabcc21%40%3Ccommits.samza.apache.org%3E
https://news.apache.org/foundation/entry/apache_commons_statement_to_widespread
https://www.kb.cert.org/vuls/id/576313
https://www.kb.cert.org/vuls/id/581311
https://www.tenable.com/security/research/tra-2017-14
https://www.tenable.com/security/research/tra-2017-23