You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/target/JavaVulnerableLab/WEB-INF/lib/commons-collections-3.2.1.jar
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar. NOTE: the scope of this CVE is limited to the WebLogic Server product.
mend-for-github-combot
changed the title
CVE-2015-4852 (High) detected in commons-collections-3.2.1.jar
CVE-2015-4852 (Critical) detected in commons-collections-3.2.1.jar
Dec 23, 2023
✔️ This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.
mend-for-github-combot
changed the title
CVE-2015-4852 (Critical) detected in commons-collections-3.2.1.jar
CVE-2015-4852 (Critical) detected in commons-collections-3.2.1.jar - autoclosed
Apr 13, 2024
ℹ️ This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.
mend-for-github-combot
changed the title
CVE-2015-4852 (Critical) detected in commons-collections-3.2.1.jar - autoclosed
CVE-2015-4852 (Critical) detected in commons-collections-3.2.1.jar
Apr 18, 2024
CVE-2015-4852 - Critical Severity Vulnerability
Vulnerable Library - commons-collections-3.2.1.jar
Types that extend and augment the Java Collections Framework.
Library home page: http://www.apache.org/
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/target/JavaVulnerableLab/WEB-INF/lib/commons-collections-3.2.1.jar
Dependency Hierarchy:
Found in HEAD commit: 2268241dee1b615db7b95c4495882467c7cd1127
Found in base branch: master
Vulnerability Details
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar. NOTE: the scope of this CVE is limited to the WebLogic Server product.
Publish Date: 2015-11-18
URL: CVE-2015-4852
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://www.openwall.com/lists/oss-security/2015/11/17/19
Release Date: 2015-11-18
Fix Resolution: 3.2.2
⛑️ Automatic Remediation will be attempted for this issue.
The text was updated successfully, but these errors were encountered: