VDB

RHSA-2015%3A2578

RHSA-2015%3A2578 PUBLISHED CVSS 7.5 HIGH

It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.

Risk Scores

CVSS 2.0
7.5

Affected Products

VendorProductVersions
Red HatRed Hat JBoss BRMS 6.1

Timeline

  • Dec 8, 2015 CVE Published
  • Apr 30, 2026 Distribution Patch
  • Apr 30, 2026 Distribution Patch
  • Apr 30, 2026 Security Advisory
  • Apr 30, 2026 Security Advisory
  • May 14, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›