ID

VAR-201512-0395


CVE

CVE-2015-6420


TITLE

TP-Link EAP Controller lacks RMI authentication and is vulnerable to deserialization attacks

Trust: 0.8

sources: CERT/CC: VU#581311

DESCRIPTION

Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Service Provider; Unified Computing; Voice and Unified Communications Devices; Video, Streaming, TelePresence, and Transcoding Devices; Wireless; and Cisco Hosted Services products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. EAP Controller for Linux lacks user authentication for RMI service commands, as well as utilizes an outdated vulnerable version of Apache commons-collections, which may allow an attacker to implement deserialization attacks and control the EAP Controller server. plural Cisco The serialized object interface of the product contains an arbitrary command execution vulnerability. http://cwe.mitre.org/data/definitions/502.htmlSkillfully crafted serialized by a third party Java An arbitrary command may be executed through the object. Apache Commons Collections (ACC) The library deserialization process is vulnerable. Java Application ACC When using the library directly or within the range accessible by specifying the class path ACC If a library is installed, arbitrary code may be executed. Apache Commons Collections (ACC) Library http://commons.apache.org/proper/commons-collections/ Deserialize untrusted data (CWE-502) 2015 Year 1 Held on the moon AppSec California 2015 In Gabriel Lawrence Mr. and Chris Frohoff He talked about a vulnerability that could deserialize untrusted data and showed that it could execute arbitrary code. Any use of the serialization function that is not appropriate Java Application or Java Libraries are affected by this vulnerability. Deserialize untrusted data (CWE-502) http://cwe.mitre.org/data/definitions/502.html Gabriel Lawrence Mr. and Chris Frohoff Mr. Lecture http://frohoff.github.io/appseccali-marshalling-pickles/ 2015 Year 11 A month Foxglove Security of Stephen Breen Mr. this problem Apache Commons Collections (ACC) Exist in the library, especially for deserializing untrusted data InvokerTransformer It was pointed out that arbitrary code could be executed when using classes. ACC Software that uses the library, WebSphere , Jenkins , WebLogic , OpenNMS Etc. are also affected. Foxglove Security of Stephen Breen Mr (What Do WebLogic, WebSphere, JBoss, Jenkins, OpenNMS, and Your Application Have in Common? This Vulnerability.) http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/ Jenkins https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11 WebLogic http://www.oracle.com/technetwork/topics/security/alert-cve-2015-4852-2763333.html?elq_mid=31793&sh=&cmid=WWSU12091612MPP001C179 ACC Library version 3.2.1 , 4.0 Both are affected by this vulnerability. version 3.2.1 , 4.0 https://blogs.apache.org/foundation/entry/apache_commons_statement_to_widespread Apache Software Fondation Has posted an official view of the vulnerability on its blog. Here you can find advice on countermeasures and links to related information. In addition, entries related to this vulnerability (COLLECTIONS-580) Is built on a bug management system. Official view https://blogs.apache.org/foundation/entry/apache_commons_statement_to_widespread Entries related to this vulnerability (COLLECTIONS-580) https://issues.apache.org/jira/browse/COLLECTIONS-580 ACC other than, Groovy And Spring The same problem is being investigated for these issues. Lawrence Mr. and Frohoff In his presentation material, Java not only Python And Ruby It is stated that the same problem exists in applications and libraries written in the above. Regardless of the programming language or library used, it is important to fully consider the data serialization capabilities from the software design stage.Apache Commons Collections I'm using a library Java Application or Java Library is optional Java It may be possible to execute code. Also, ACC Even if the library is not used directly, it can be accessed by specifying the class path. ACC If the library exists, any Java It may be possible to execute code. Oracle WebLogic is an application server based on Java (J2EE) architecture of Oracle Corporation of the United States. Red Hat JBOSS is an open source J2EE-based application server from Red Hat. CloudBees Jenkins CI (formerly known as Hudson Labs) is a set of Java-based continuous integration tools developed by CloudBees. OpenNMS is a set of enterprise-level, Java / XML-based distributed network and system monitoring and management platform from the American OpenNMS company. It can extend or add Java collections framework. A remote command execution vulnerability exists in Java's deserialization process. A remote attacker can exploit this vulnerability by constructing an automatically executed code call chain to attach malicious code to user input and execute arbitrary Java functions or bytecode. The following products and versions are affected: JBoss Enterprise Application Platform 6.4.4, 5.2.0, 4.3.0_CP10, AS (Wildly) 6 and earlier, A-MQ 6.2.0, Fuse 6.2.0, SOA Platform (SOA-P) 5.3.1, Data Grid (JDG) 6.5.0, BRMS (BRMS) 6.1.0, BPMS (BPMS) 6.1.0, Data Virtualization (JDV) 6.1.0, Fuse Service Works (FSW) version 6.0.0, Enterprise Web Server (EWS) version 2.1, version 3.0, Jenkins version 1.555, WebSphere, WebLogic, OpenNMS. Apache Commons Collections(ACC)是美国阿帕奇(Apache)软件基金会的一个Apache Commons项目的Commons Proper(可重复利用Java组件库)中的组件,它可以扩展或增加Java集合框架. 多款Cisco产品的ACC库中使用的Java反序列化过程中存在安全漏洞。远程攻击者可通过提交特制的输入利用该漏洞执行任意代码。以下产品及版本受到影响:Cisco Digital Life RMS 1.8.1.1版本,Broadband Access Center Telco Wireless 3.8.1版本;SocialMiner,WebEx Meetings Server 1.x版本,2.x版本;NAC Agent for Windows;InTracer,Network Admission Control (NAC),Visual Quality Experience Server,Visual Quality Experience Tools Server;ASA CX and Cisco Prime Security Manager,Clean Access Manager,NAC Appliance (Clean Access Server),NAC Guest Server,NAC Server,Secure Access Control System (ACS);Access Registrar Appliance,Cloupia Unified Infrastructure Controller,Configuration Professional,Digital Media Manager,Insight Reporter,Prime Access Registrar Appliance,Prime Access Registrar,Prime Collaboration Provisioning,Prime Home,Prime LAN Management Solution (LMS - Solaris),Prime Optical for SPs,Prime Performance Manager,Prime Provisioning for SPs,Prime Provisioning,Prime Service Catalog Virtual Appliance,Security Manager,Data Center Analytics Framework (DCAF);Broadband Access Center Telco Wireless;Computer Telephony Integration Object Server (CTIOS),Hosted Collaboration Mediation Fulfillment,IM and Presence Service (CUPS),IP Interoperability and Collaboration System (IPICS),Management Heartbeat Server,MediaSense,MeetingPlace,Unified Communications Manager (UCM),Unified Communications Manager Session Management Edition (SME),Unified Contact Center Enterprise,Unified Intelligence Center,Unified Intelligent Contact Management Enterprise,Unified Sip Proxy;Media Experience Engines (MXE),Show and Share,TelePresence Exchange System (CTX),Videoscape Conductor;Business Video Services Automation Software (BV),Cloud Email Security,Registered Envelope Service (CRES),Unified Services Delivery Platform (CUSDP),Communication/Collaboration Sizing Tool, Virtue Machine Placement Tool,Unified Communications Upgrade Readiness Assessment,DCAF UCS Collector,Network Change and Configuration Management,Partner Supporting Service (PSS) 1.x版本,SI component of Partner Supporting Service,Serial Number Assessment Service (SNAS),Smart Net Total Care (SNTC). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Vulnerability in Java Deserialization Affecting Cisco Products Advisory ID: cisco-sa-20151209-java-deserialization Revision 1.0 For Public Release: 2015 December 9 16:00 GMT +--------------------------------------------------------------------- Summary ======= A vulnerability in the Java deserialization used by the Apache Commons Collections (ACC) library could allow an unauthenticated, remote attacker to execute arbitrary code. The report contains detailed proof-of-concept code for a number of applications, including WebSphere Application Server, JBoss, Jenkins, OpenNMS, and WebLogic. A wide range of potential impacts includes allowing the attacker to obtain sensitive information. Object serialization is a technique that many programming languages use to convert an object into a sequence of bits for transfer purposes. Deserialization is a technique that reassembles those bits back to an object. Many applications accept serialized objects from the network without performing input validation checks before deserializing it. Additional details about the vulnerability are available at the following links: Official Vulnerability Note from CERT: http://www.kb.cert.org/vuls/id/576313 Foxglove Security: http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/ Apache Commons Statement: https://blogs.apache.org/foundation/entry/apache_commons_statement_to_widespread Oracle Security Alert: https://blogs.oracle.com/security/entry/security_alert_cve_2015_4852 Cisco will release software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-java-deserialization -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJWaE9BAAoJEIpI1I6i1Mx31a0QALya6VDmcGiyx3AlCzsKGISc 3NJP4PPjVFGjHQmB/+bXn1zXLZ63JgbOZuG9pLxhmJpPMxQI8jeXEHqzVmrA9cOj u/QRGkITxQaRS50cwFJXPDOVWWCTcHLhuk83Ofih8vhC8UPBy1FGMBl5rpVLDkG9 ue8yX5ACEQ078F78dpcnJmbv1Hxu021wI+nM3pn7C/aOrJ1wSNop8KkFZ+VHzbKY aeuMFqhal+ePx+JoIC4JMrTll/BLxjI17tKrzXas6D4zKNGSO0WxnEFjDWuPlc89 2y3DnaVc0eeAVPy3ODN6wJzuro4w69z1GrvXPkBfVe9WNKD1lMGRUPMRwnb/zjxu DT8Ms4LDaVCLDZ01ox3BpuZIDBP1q2Xk6ToObeHUNMSDM9IuMeVOz9BtxJxO8Yp/ YfVaoqkM6Vrf5oXKUvWow0r19+ODp18JUnc8qT7Cj0b9PwtlOUqpsNE+cAzPyZh7 UBYLPm2AZypOgw4ryUf66p3l+NGLvLdA+A1u0m+YfXSrsuEFCosUeppmZMvgzEME 7TDSbOlt6yj9W/U3ioYbhLWk1D2whTyDybXz4MLaPTPxfxozyePOcthU7R/PVGrU M0Do8nugnDXE0rYVRooF3+A/6ahoKUb9QR00O4xN4A94lfXqgc6t+180S4vavgxS g9ZP7zYVhaDCRufDoNVI =nsL1 -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05376917 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05376917 Version: 1 HPSBMU03685 rev.1 - HPE Insight Control server provisioning (ICsp), Multiple Remote Vulnerabilities NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2017-01-18 Last Updated: 2017-01-18 Potential Security Impact: Remote: Arbitrary Code Execution, Arbitrary Command Execution, Denial of Service (DoS), Disclosure of Sensitive Information, Unauthorized Access to Files Source: Hewlett Packard Enterprise, Product Security Response Team VULNERABILITY SUMMARY Multiple potential security vulnerabilities have been identified in HPE Insight Control server provisioning (ICsp) software. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS), arbitrary code execution, arbitrary command execution, unauthorized access to files or disclosure of sensitive information. References: - CVE-2015-6420 - Cisco routing and switching, execution of code - CVE-2016-0702 - OpenSSL, disclosure of information, "CacheBleed" - CVE-2016-0705 - OpenSSL, denial of service (DoS) - CVE-2016-0797 - OpenSSL, denial of service (DoS) - CVE-2016-0799 - OpenSSL, denial of service (DoS) - CVE-2016-2842 - OpenSSL, denial of service (DoS) - CVE-2015-7547 - glibc, denial of service (DoS) - CVE-2014-0050 - Apache Commons FileUpload, denial of service (DoS) - CVE-2014-4877 - wget, execution of arbitrary code SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. - HP Insight Control server provisioning all versions prior to 7.6 BACKGROUND CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector CVE-2014-0050 7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2014-4877 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C) CVE-2015-6420 7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE-2015-7547 5.6 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2016-0702 2.9 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 1.9 (AV:L/AC:M/Au:N/C:P/I:N/A:N) CVE-2016-0705 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2016-0797 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) CVE-2016-0799 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2016-2842 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C) Information on CVSS is documented in HPE Customer Notice HPSN-2008-002 here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499 RESOLUTION HPE has made the following software updates available to resolve the vulnerabilities for the impacted versions of HPE Insight Control server provisioning (ICsp). Please download the latest version of Insight Control server provisioning (ICsp)-7.6 from the following location: * <https://h20392.www2.hpe.com/portal/swdepot/displayProductInfo.do?productNumb r=IMDVD> HISTORY Version:1 (rev.1) - 18 January 2017 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com. Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX Copyright 2016 Hewlett Packard Enterprise Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners

Trust: 5.94

sources: NVD: CVE-2015-6420 // CERT/CC: VU#581311 // CERT/CC: VU#576313 // JVNDB: JVNDB-2015-006448 // JVNDB: JVNDB-2015-005930 // CNNVD: CNNVD-201512-421 // CNNVD: CNNVD-201511-241 // CNNVD: CNNVD-201512-420 // BID: 77521 // VULMON: CVE-2015-6420 // PACKETSTORM: 134752 // PACKETSTORM: 140605

AFFECTED PRODUCTS

vendor:apachemodel:commons collectionsscope:eqversion:4.0

Trust: 2.2

vendor:apachemodel:commons collectionsscope:lteversion:3.2.1

Trust: 1.8

vendor:necmodel:capssuitescope: - version: -

Trust: 1.6

vendor:necmodel:infoframe relational storescope: - version: -

Trust: 1.6

vendor:necmodel:systemdirector enterprisescope: - version: -

Trust: 1.6

vendor:necmodel:webotxscope: - version: -

Trust: 1.6

vendor:apachemodel:commons collectionsscope:eqversion:3.2.1

Trust: 1.2

vendor:tp linkmodel: - scope: - version: -

Trust: 0.8

vendor:apachemodel: - scope: - version: -

Trust: 0.8

vendor:ciscomodel: - scope: - version: -

Trust: 0.8

vendor:ibmmodel: - scope: - version: -

Trust: 0.8

vendor:jenkinsmodel: - scope: - version: -

Trust: 0.8

vendor:oraclemodel: - scope: - version: -

Trust: 0.8

vendor:unifymodel: - scope: - version: -

Trust: 0.8

vendor:apachemodel:commons collectionsscope:lteversion:4.0

Trust: 0.8

vendor:tp linkmodel:eap controllerscope:eqversion:2.5.3

Trust: 0.3

vendor:tp linkmodel:eap controllerscope:eqversion:2.4.8

Trust: 0.3

vendor:hpmodel:insight controlscope:eqversion:7.5.1

Trust: 0.3

vendor:hpmodel:insight controlscope:eqversion:7.5

Trust: 0.3

vendor:hpmodel:insight controlscope:eqversion:7.4

Trust: 0.3

vendor:hpmodel:insight controlscope:eqversion:7.3

Trust: 0.3

vendor:hpmodel:insight controlscope:eqversion:7.2

Trust: 0.3

vendor:ciscomodel:webex meetings server 2.5mr2scope: - version: -

Trust: 0.3

vendor:ciscomodel:webex meetings serverscope:eqversion:2.5.99.2

Trust: 0.3

vendor:ciscomodel:webex meetings serverscope:eqversion:2.5.0.997

Trust: 0.3

vendor:ciscomodel:webex meetings server mr1scope:eqversion:2.5

Trust: 0.3

vendor:ciscomodel:webex meetings serverscope:eqversion:2.5

Trust: 0.3

vendor:ciscomodel:webex meetings server 2.0mr2scope: - version: -

Trust: 0.3

vendor:ciscomodel:webex meetings serverscope:eqversion:2.0

Trust: 0.3

vendor:ciscomodel:webex meetings serverscope:eqversion:1.5.1.6

Trust: 0.3

vendor:ciscomodel:webex meetings serverscope:eqversion:1.5.1.131

Trust: 0.3

vendor:ciscomodel:webex meetings serverscope:eqversion:1.5(.1.6)

Trust: 0.3

vendor:ciscomodel:webex meetings serverscope:eqversion:1.5(.1.131)

Trust: 0.3

vendor:ciscomodel:webex meetings serverscope:eqversion:1.5

Trust: 0.3

vendor:ciscomodel:webex meetings serverscope:eqversion:1.1

Trust: 0.3

vendor:ciscomodel:webex meetings serverscope:eqversion:1.0

Trust: 0.3

vendor:ciscomodel:visual quality experience tools serverscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:visual quality experience serverscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:virtue machine placement toolscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:videoscape conductorscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:unified sip proxyscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:unified services delivery platformscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:unified intelligent contact management enterprisescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:unified intelligence centerscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:unified contact center enterprisescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:unified communications upgrade readiness assessmentscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:unified communications manager session management editionscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:unified communications managerscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:telepresence exchange systemscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:socialminerscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:smart net total carescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:si component of partner supporting servicescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:show and sharescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:serial number assessment servicescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:security managerscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:secure access control systemscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:registered envelope servicescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:prime service catalog virtual appliancescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:prime provisioning for spsscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:prime provisioningscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:prime performance managerscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:prime optical for spsscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:prime lan management solutionscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:prime homescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:prime collaboration provisioningscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:prime access registrar appliancescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:prime access registrarscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:partner supporting servicescope:eqversion:1.0

Trust: 0.3

vendor:ciscomodel:network admission controlscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:nac serverscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:nac managerscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:nac guest serverscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:nac agentscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:meetingplacescope: - version: -

Trust: 0.3

vendor:ciscomodel:mediasensescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:media experience enginesscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:management heartbeat serverscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:ip interoperability and collaboration systemscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:intracerscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:insight reporterscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:im and presence servicescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:hosted collaboration mediation fulfillmentscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:digital media managerscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:digital life rmsscope:eqversion:1.8.1.1

Trust: 0.3

vendor:ciscomodel:dcaf ucs collectorscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:data center analytics frameworkscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:configuration professionalscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:computer telephony integration object serverscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:communication sizing toolscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:collaboration sizing toolscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:cloupia unified infrastructure controllerscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:cloud email securityscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:clean access managerscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:business video services automation softwarescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:broadband access center telco wirelessscope:eqversion:3.8.1

Trust: 0.3

vendor:ciscomodel:asa cx and cisco prime security managerscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:access registrar appliancescope:eqversion:0

Trust: 0.3

vendor:jenkins cimodel:jenkinsscope:eqversion:0

Trust: 0.3

vendor:apachemodel:commons collectionsscope:eqversion:3.0

Trust: 0.3

sources: CERT/CC: VU#581311 // CERT/CC: VU#576313 // BID: 78872 // BID: 77521 // JVNDB: JVNDB-2015-006448 // JVNDB: JVNDB-2015-005930 // CNNVD: CNNVD-201512-420 // NVD: CVE-2015-6420

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2015-6420
value: HIGH

Trust: 1.6

nvd@nist.gov: CVE-2015-6420
value: HIGH

Trust: 1.0

IPA: JVNDB-2015-005930
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201512-420
value: CRITICAL

Trust: 0.6

VULMON: CVE-2015-6420
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-6420
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

NVD: CVE-2015-6420
severity: HIGH
baseScore: 7.5
vectorString: NONE
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

IPA: JVNDB-2015-005930
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

sources: CERT/CC: VU#576313 // VULMON: CVE-2015-6420 // JVNDB: JVNDB-2015-006448 // JVNDB: JVNDB-2015-005930 // CNNVD: CNNVD-201512-420 // NVD: CVE-2015-6420

PROBLEMTYPE DATA

problemtype:CWE-Other

Trust: 1.6

problemtype:CWE-502

Trust: 1.0

sources: JVNDB: JVNDB-2015-006448 // JVNDB: JVNDB-2015-005930 // NVD: CVE-2015-6420

THREAT TYPE

remote

Trust: 1.9

sources: PACKETSTORM: 134752 // CNNVD: CNNVD-201512-421 // CNNVD: CNNVD-201511-241 // CNNVD: CNNVD-201512-420

TYPE

Input Validation Error

Trust: 0.6

sources: BID: 78872 // BID: 77521

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006448

EXPLOIT AVAILABILITY

sources: CERT/CC: VU#576313

PATCH

title:cisco-sa-20151209-java-deserializationurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-java-deserialization

Trust: 1.6

title:NV16-002url:http://jpn.nec.com/security-info/secinfo/nv16-002.html

Trust: 1.6

title:Apache Commons statement to widespread Java object de-serialisation vulnerabilityurl:https://blogs.apache.org/foundation/entry/apache_commons_statement_to_widespread

Trust: 1.6

title:Top Pageurl:http://commons.apache.org/proper/commons-collections/

Trust: 0.8

title:COLLECTIONS-580: Arbitrary remote code execution with InvokerTransformerurl:https://issues.apache.org/jira/browse/COLLECTIONS-580

Trust: 0.8

title:HS16-010url:http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS16-010/index.html

Trust: 0.8

title:1970575url:http://www-01.ibm.com/support/docview.wss?uid=swg21970575

Trust: 0.8

title:Jenkins Security Advisory 2015-11-11url:https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11

Trust: 0.8

title:Secure Coding Guidelines for Java SEurl:http://www.oracle.com/technetwork/java/seccodeguide-139067.html#8

Trust: 0.8

title:Oracle Security Alert for CVE-2015-4852url:http://www.oracle.com/technetwork/topics/security/alert-cve-2015-4852-2763333.html

Trust: 0.8

title:HS16-010url:http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS16-010/index.html

Trust: 0.8

title:日立ディスクアレイシステムにおけるSVP セキュリティホールurl:http://www.hitachi.co.jp/products/it/storage-solutions/techsupport/sec_info/sec_acc20160328.html

Trust: 0.8

title:Multiple Cisco product Apache Commons Collections Fixes for library arbitrary code execution vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90854

Trust: 0.6

title:Debian CVElist Bug Report Logs: logback: CVE-2017-5929: serialization vulnerability affecting the SocketServer and ServerSocketReceiver componentsurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=a2fcdf172bb6bcdc6b94a705615d0184

Trust: 0.1

title:Cisco: Vulnerability in Java Deserialization Affecting Cisco Productsurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20151209-java-deserialization

Trust: 0.1

title:IBM: Security Bulletin: Multiple vulnerabilities in IBM WebSphere eXtreme Scale Liberty Deployment.url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=79b8774da31f52ed0fc7f5e9561104e9

Trust: 0.1

title:IBM: Security Bulletin: Multiple vulnerability issues affect IBM Spectrum Symphony 7.3.1url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=c47c09015d1429df4a71453000607351

Trust: 0.1

title:IBM: IBM Security Bulletin: IBM Security Privileged Identity Manager is affected by multiple security vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=8580d3cd770371e2ef0f68ca624b80b0

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - July 2018url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=5f8c525f1408011628af1792207b2099

Trust: 0.1

title:fake-vulnerabilities-java-mavenurl:https://github.com/xthk/fake-vulnerabilities-java-maven

Trust: 0.1

title: - url:https://github.com/andy-r2c/mavenJavaTest

Trust: 0.1

title: - url:https://github.com/learngove/exampleJavaMaven

Trust: 0.1

title: - url:https://github.com/Cheatahh/jvm-reverseshell

Trust: 0.1

title:apkRepairurl:https://github.com/qiqiApink/apkRepair

Trust: 0.1

sources: VULMON: CVE-2015-6420 // JVNDB: JVNDB-2015-006448 // JVNDB: JVNDB-2015-005930 // CNNVD: CNNVD-201512-420

EXTERNAL IDS

db:NVDid:CVE-2015-6420

Trust: 3.7

db:CERT/CCid:VU#576313

Trust: 3.6

db:CERT/CCid:VU#581311

Trust: 2.7

db:BIDid:78872

Trust: 1.9

db:JVNid:JVNVU94276522

Trust: 1.6

db:TENABLEid:TRA-2017-14

Trust: 1.6

db:TENABLEid:TRA-2017-23

Trust: 1.6

db:OPENWALLid:OSS-SECURITY/2015/11/11/3

Trust: 1.4

db:BIDid:77521

Trust: 0.9

db:JVNid:JVNVU96340370

Trust: 0.8

db:JVNDBid:JVNDB-2015-006448

Trust: 0.8

db:JVNDBid:JVNDB-2015-005930

Trust: 0.8

db:CNNVDid:CNNVD-201512-421

Trust: 0.6

db:CNNVDid:CNNVD-201511-241

Trust: 0.6

db:AUSCERTid:ESB-2019.3165

Trust: 0.6

db:CNNVDid:CNNVD-201512-420

Trust: 0.6

db:VULMONid:CVE-2015-6420

Trust: 0.1

db:PACKETSTORMid:134752

Trust: 0.1

db:PACKETSTORMid:140605

Trust: 0.1

sources: CERT/CC: VU#581311 // CERT/CC: VU#576313 // VULMON: CVE-2015-6420 // BID: 78872 // BID: 77521 // JVNDB: JVNDB-2015-006448 // JVNDB: JVNDB-2015-005930 // PACKETSTORM: 134752 // PACKETSTORM: 140605 // CNNVD: CNNVD-201512-421 // CNNVD: CNNVD-201511-241 // CNNVD: CNNVD-201512-420 // NVD: CVE-2015-6420

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151209-java-deserialization

Trust: 3.4

url:http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/

Trust: 2.9

url:https://www.kb.cert.org/vuls/id/576313

Trust: 2.8

url:http://frohoff.github.io/appseccali-marshalling-pickles/

Trust: 2.2

url:https://www.kb.cert.org/vuls/id/581311

Trust: 1.9

url:https://blogs.apache.org/foundation/entry/apache_commons_statement_to_widespread

Trust: 1.8

url:https://issues.apache.org/jira/browse/collections-580

Trust: 1.7

url:http://cwe.mitre.org/data/definitions/502.html

Trust: 1.6

url:http://jvn.jp/vu/jvnvu94276522/index.html

Trust: 1.6

url:http://www.securityfocus.com/bid/78872

Trust: 1.6

url:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05376917

Trust: 1.6

url:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Trust: 1.6

url:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390722

Trust: 1.6

url:https://www.tenable.com/security/research/tra-2017-14

Trust: 1.6

url:https://www.tenable.com/security/research/tra-2017-23

Trust: 1.6

url:https://wiki.jenkins-ci.org/display/security/jenkins+security+advisory+2015-11-11

Trust: 1.4

url:http://www.openwall.com/lists/oss-security/2015/11/11/3

Trust: 1.4

url:http://www.infoq.com/news/2015/11/commons-exploit

Trust: 1.4

url:https://tersesystems.com/2015/11/08/closing-the-open-door-of-java-object-serialization/

Trust: 1.4

url:http://mail-archives.apache.org/mod_mbox/commons-dev/201511.mbox/%3c20151106222553.00002c57.ecki@zusammenkunft.net%3e

Trust: 1.4

url:http://www.slideshare.net/frohoff1/appseccali-2015-marshalling-pickles

Trust: 1.4

url:https://www.youtube.com/watch?v=vviy3o-euvq

Trust: 1.4

url:https://commons.apache.org/proper/commons-collections/

Trust: 1.4

url:https://www.securecoding.cert.org/confluence/pages/viewpage.action?pageid=27492407

Trust: 1.4

url:http://www.oracle.com/technetwork/java/seccodeguide-139067.html#8

Trust: 1.4

url:https://lists.apache.org/thread.html/r352e40ca9874d1beb4ad95403792adca7eb295e6bc3bd7b65fabcc21%40%3ccommits.samza.apache.org%3e

Trust: 1.0

url:https://www.tp-link.com/en/download/eap220.html#controller_software

Trust: 0.8

url:https://docs.oracle.com/javase/8/docs/technotes/guides/rmi/rmi_security_recommendations.html

Trust: 0.8

url:http://cwe.mitre.org/data/definitions/306.html

Trust: 0.8

url:https://networks.unify.com/security/advisories/obso-1511-01.pdf

Trust: 0.8

url:http://www.oracle.com/technetwork/topics/security/alert-cve-2015-4852-2763333.html?elq_mid=31793&sh=&cmid=wwsu12091612mpp001c179

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6420

Trust: 0.8

url:https://jvn.jp/vu/jvnvu96340370/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6420

Trust: 0.8

url:http://www.securityfocus.com/bid/77521

Trust: 0.6

url:http://www.oracle.com/technetwork/topics/security/alert-cve-2015-4852-2763333.html?elq_mid=31793&sh=&cmid=wwsu12091612mpp001c179

Trust: 0.6

url:https://lists.apache.org/thread.html/r352e40ca9874d1beb4ad95403792adca7eb295e6bc3bd7b65fabcc21@%3ccommits.samza.apache.org%3e

Trust: 0.6

url:https://www.ibm.com/support/docview.wss?uid=ibm10967469

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-websphere-extreme-scale-liberty-deployment/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-identified-in-ibm-storediq/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-by-security-vulnerabilities-2/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerability-issues-affect-ibm-spectrum-symphony-7-3-1/

Trust: 0.6

url:http://www.ibm.com/support/docview.wss?uid=ibm10958165

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3165/

Trust: 0.6

url:https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05376917

Trust: 0.4

url:http://www.cisco.com/

Trust: 0.3

url:http://seclists.org/oss-sec/2015/q4/237

Trust: 0.3

url:http://seclists.org/oss-sec/2015/q4/241

Trust: 0.3

url:https://blogs.oracle.com/security/entry/security_alert_cve_2015_4852

Trust: 0.1

url:http://gpgtools.org

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-0797

Trust: 0.1

url:http://www.hpe.com/support/security_bulletin_archive

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-4877

Trust: 0.1

url:https://www.hpe.com/info/report-security-vulnerability

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7547

Trust: 0.1

url:http://www.hpe.com/support/subscriber_choice

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-0702

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2842

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-6420

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-0705

Trust: 0.1

url:https://h20392.www2.hpe.com/portal/swdepot/displayproductinfo.do?productnumb

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0050

Trust: 0.1

url:https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-0799

Trust: 0.1

sources: CERT/CC: VU#581311 // CERT/CC: VU#576313 // BID: 78872 // BID: 77521 // JVNDB: JVNDB-2015-006448 // JVNDB: JVNDB-2015-005930 // PACKETSTORM: 134752 // PACKETSTORM: 140605 // CNNVD: CNNVD-201512-421 // CNNVD: CNNVD-201511-241 // CNNVD: CNNVD-201512-420 // NVD: CVE-2015-6420

CREDITS

foxglovesecurity

Trust: 0.9

sources: BID: 77521 // CNNVD: CNNVD-201512-421

SOURCES

db:CERT/CCid:VU#581311
db:CERT/CCid:VU#576313
db:VULMONid:CVE-2015-6420
db:BIDid:78872
db:BIDid:77521
db:JVNDBid:JVNDB-2015-006448
db:JVNDBid:JVNDB-2015-005930
db:PACKETSTORMid:134752
db:PACKETSTORMid:140605
db:CNNVDid:CNNVD-201512-421
db:CNNVDid:CNNVD-201511-241
db:CNNVDid:CNNVD-201512-420
db:NVDid:CVE-2015-6420

LAST UPDATE DATE

2024-09-09T19:53:52.134000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#581311date:2018-11-08T00:00:00
db:CERT/CCid:VU#576313date:2018-08-27T00:00:00
db:VULMONid:CVE-2015-6420date:2023-11-07T00:00:00
db:BIDid:78872date:2018-09-27T06:00:00
db:BIDid:77521date:2015-12-08T22:09:00
db:JVNDBid:JVNDB-2015-006448date:2018-09-28T00:00:00
db:JVNDBid:JVNDB-2015-005930date:2018-02-07T00:00:00
db:CNNVDid:CNNVD-201512-421date:2015-12-18T00:00:00
db:CNNVDid:CNNVD-201511-241date:2015-11-24T00:00:00
db:CNNVDid:CNNVD-201512-420date:2021-05-28T00:00:00
db:NVDid:CVE-2015-6420date:2023-11-07T02:26:50.673

SOURCES RELEASE DATE

db:CERT/CCid:VU#581311date:2018-09-26T00:00:00
db:CERT/CCid:VU#576313date:2015-11-13T00:00:00
db:VULMONid:CVE-2015-6420date:2015-12-15T00:00:00
db:BIDid:78872date:2015-12-09T00:00:00
db:BIDid:77521date:2015-11-08T00:00:00
db:JVNDBid:JVNDB-2015-006448date:2015-12-18T00:00:00
db:JVNDBid:JVNDB-2015-005930date:2015-11-17T00:00:00
db:PACKETSTORMid:134752date:2015-12-10T17:22:52
db:PACKETSTORMid:140605date:2017-01-19T13:56:50
db:CNNVDid:CNNVD-201512-421date:2015-11-08T00:00:00
db:CNNVDid:CNNVD-201511-241date:2015-11-23T00:00:00
db:CNNVDid:CNNVD-201512-420date:2015-12-15T00:00:00
db:NVDid:CVE-2015-6420date:2015-12-15T05:59:07.823