VDB
RHSA-2015%3A2514
RHSA-2015%3A2514
PUBLISHED
CVSS 7.5 HIGH
It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.
Risk Scores
CVSS 2.0
7.5
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat JBoss Enterprise Application Platform 5.2 | |
| Red Hat | Red Hat JBoss Enterprise Application Platform 4.3 | |
| Red Hat | Red Hat JBoss Enterprise Application Platform 5.1 |
Timeline
- Nov 24, 2015 CVE Published
- Apr 30, 2026 Distribution Patch
- Apr 30, 2026 Distribution Patch
- Apr 30, 2026 Security Advisory
- Apr 30, 2026 Security Advisory
- May 14, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2015:2514 advisory
- https://access.redhat.com/security/updates/classification/#critical advisory
- https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=appplatform&version=5.2.0 advisory
- https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=appplatform&version=5.1.2 advisory
- https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=appplatform&version=4.3.0.GA_CP10 advisory
- https://access.redhat.com/solutions/2045023 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1279330 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_2514.json advisory
- https://access.redhat.com/security/cve/CVE-2015-7501 advisory
- https://www.cve.org/CVERecord?id=CVE-2015-7501 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2015-7501 advisory
- http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/ advisory