Home > Vulnerability Database > CVE-2015-6420

Mend.io Vulnerability Database

CVE-2015-6420

Good to know:

Date: December 14, 2015

Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Service Provider; Unified Computing; Voice and Unified Communications Devices; Video, Streaming, TelePresence, and Transcoding Devices; Wireless; and Cisco Hosted Services products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

Language: Java

Severity Score

7.3

Related Resources (17)

Url: https://arxiv.org/pdf/2306.05534

Url: https://www.kb.cert.org/vuls/id/576313

Url: https://news.apache.org/foundation/entry/apache_commons_statement_to_widespread

Url: https://github.com/apache/commons-collections

Url: https://www.kb.cert.org/vuls/id/581311

Url: http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-java-deserialization

Url: http://www.securityfocus.com/bid/78872

Url: https://lists.apache.org/thread.html/r352e40ca9874d1beb4ad95403792adca7eb295e6bc3bd7b65fabcc21%40%3Ccommits.samza.apache.org%3E

Url: https://www.tenable.com/security/research/tra-2017-23

Url: https://lists.apache.org/thread.html/r352e40ca9874d1beb4ad95403792adca7eb295e6bc3bd7b65fabcc21@%3Ccommits.samza.apache.org%3E

Url: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917

Url: https://www.tenable.com/security/research/tra-2017-14

Url: https://nvd.nist.gov/vuln/detail/CVE-2015-6420

Url: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

Url: https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/

Url: https://www.mend.io/vulnerability-database/CVE-2015-6420

Severity Score

7.3

Weakness Type (CWE)

Deserialization of Untrusted Data

CWE-502

Top Fix

Upgrade Version

Upgrade to version commons-collections:commons-collections:3.2.2;org.apache.commons:commons-collections4:4.1

Learn More

CVSS v3.1

Base Score:	7.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	7.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2015-6420

Good to know:

Date: December 14, 2015

Language: Java

Severity Score

Related Resources (17)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?