RHSA-2015:2501
PUBLISHED
CVSS 7.5 HIGH
It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.
Risk Scores
CVSS 2.0
7.5
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat JBoss Enterprise Application Platform 6.1 | |
| Red Hat | Red Hat JBoss Enterprise Application Platform 6.2 | |
| Red Hat | Red Hat JBoss Enterprise Application Platform 6.4 | |
| Red Hat | Red Hat JBoss Enterprise Application Platform 6.3 | |
Exploit Intelligence
- (CVE-2015-7501) JBoss JMXInvokerServlet deserialization vulnerability (github-poc-repo)
- (CVE-2015-7501) JBoss JMXInvokerServlet deserialization vulnerability (github-poc)
- cfm_waf.lua (github-poc)
- TrivyFindingParserTest.java (github-poc)
- cve_version_check.go (github-poc)
- scanner.go (github-poc)
- nuclei_routing.go (github-poc)
Timeline
- Nov 20, 2015 CVE Published
- Apr 30, 2026 Distribution Patch
- Apr 30, 2026 Distribution Patch
- Apr 30, 2026 Security Advisory
- Apr 30, 2026 Security Advisory
- May 14, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2015:2501 advisory
- https://access.redhat.com/security/updates/classification/#critical advisory
- https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=6.4 advisory
- https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=6.3.0 advisory
- https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=6.2.0 advisory
- https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=6.1.1 advisory
- https://access.redhat.com/solutions/2045023 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1279330 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_2501.json advisory
- https://access.redhat.com/security/cve/CVE-2015-7501 advisory
- https://www.cve.org/CVERecord?id=CVE-2015-7501 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2015-7501 advisory
- http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/ advisory