SamHeadrickCx / JavaVulnerableLab-1

lab
GNU General Public License v2.0
0 stars 0 forks source link

CX: CVE-2015-4852 in Maven-commons-collections:commons-collections and 3.2.1 @ JavaVulnerableLab-1.refs/heads/master #63

Open github-actions[bot] opened 1 month ago

github-actions[bot] commented 1 month ago

Description

The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to "oracle_common/modules/com.bea.core.apache.commons.collections.jar". The Java artifact causing the deserialization vulnerability is Apache Commons Collections in versions 3.0 through 3.2.1 and version 4.0. NOTE: the scope of this CVE is limited to the WebLogic Server product.

HIGH Vulnerable Package issue exists @ commons-collections:commons-collections in branch refs/heads/master

Vulnerability ID: CVE-2015-4852

Package Name: commons-collections:commons-collections

Severity: HIGH

CVSS Score: 9.8

Publish Date: 2015-11-18T15:59:00

Current Package Version: 3.2.1

Remediation Upgrade Recommendation: 3.2.2

Link To SCA

Reference – NVD link

github-actions[bot] commented 4 days ago

Issue still exists.