CVE-2015-6420

SOURCE - github

Summary

Serialized-object interfaces in Java applications using the Apache Commons Collections (ACC) library may allow remote attackers to execute arbitrary commands via a crafted serialized Java object.

EPSS Score⁠: 0.0088 (0.826)

Common Weakness Enumeration (CWE)

SOURCE - nist

CWE-502⁠

Deserialization of Untrusted Data

SOURCE - github

CWE-502⁠

Deserialization of Untrusted Data

SOURCE - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-502⁠

Deserialization of Untrusted Data

CWE-78⁠

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

Sources (3)

Impacted images

NIST

CREATED

9 years ago

UPDATED

3 years ago

SOURCE IDCVE-2015-6420⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-502⁠

CVSS SCORE

7.5high

GitHub

CREATED

4 years ago

UPDATED

1 year ago

SOURCE IDGHSA-6hgm-866r-3cjv⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-502⁠

CVSS SCORE

N/Ahigh

GitLab

CREATED

4 years ago

UPDATED

1 year ago

SOURCE ID

CVE-2015-6420

EXPLOITABILITY SCORE

10.0

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1035⁠CWE-502⁠CWE-78⁠CWE-937⁠

CVSS SCORE

7.5high