VDB
RHSA-2016%3A0066
RHSA-2016%3A0066
PUBLISHED
CVSS 9.600000381469727 CRITICAL
A flaw was discovered in the way applications using Groovy used the standard Java serialization mechanism. A remote attacker could use a specially crafted serialized object that would execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects are subject to this vulnerability.
Risk Scores
CVSS 3.0
9.600000381469727
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat JBoss Data Virtualization 6.2 |
Timeline
- Jan 25, 2016 CVE Published
- Apr 30, 2026 Distribution Patch
- Apr 30, 2026 Distribution Patch
- Apr 30, 2026 Security Advisory
- Apr 30, 2026 Security Advisory
- May 14, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2016:0066 advisory
- https://access.redhat.com/security/updates/classification/#moderate advisory
- https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.services.platform&downloadType=securityPatches&version=6.2.0 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1243934 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_0066.json advisory
- https://access.redhat.com/security/cve/CVE-2015-3253 advisory
- https://www.cve.org/CVERecord?id=CVE-2015-3253 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2015-3253 advisory
- http://seclists.org/oss-sec/2015/q3/121 advisory