CVE-2015-7501

Public on 2015-12-14

Modified on 2015-12-13

Description

It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.

Severity

Critical

See what this means

CVSS v3 Base Score

7.5

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory
Amazon Linux 1	apache-commons-collections	2015-12-14	ALAS-2015-618

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv2	7.5	AV:N/AC:L/Au:N/C:P/I:P/A:P
NVD	CVSSv2	10.0	AV:N/AC:L/Au:N/C:C/I:C/A:C
NVD	CVSSv3	9.8	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

FAQs regarding Amazon Linux ALAS/CVE Severity Red Hat: CVE-2015-7501 Mitre: CVE-2015-7501