Vulnerability CVE-2015-3253


Published: 2015-08-13

Description:
The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Apache Groovy Zero-Day Vulnerability Disclosure
cpnrodzc7
16.07.2015
High
Elasticsearch 1.6.0 Remote Code Execution
cpnrodzc7
17.07.2015

Type:

CWE-74

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Oracle -> Webcenter sites 
Oracle -> Health sciences clinical development center 
Oracle -> Retail order broker cloud service 
Oracle -> Retail service backbone 
Oracle -> Retail store inventory management 
Apache -> Groovy 

 References:
http://groovy-lang.org/security.html
http://packetstormsecurity.com/files/132714/Apache-Groovy-2.4.3-Code-Execution.html
http://rhn.redhat.com/errata/RHSA-2016-0066.html
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.securityfocus.com/archive/1/536012/100/0/threaded
http://www.securityfocus.com/bid/75919
http://www.securityfocus.com/bid/91787
http://www.securitytracker.com/id/1034815
http://www.zerodayinitiative.com/advisories/ZDI-15-365/
https://access.redhat.com/errata/RHSA-2016:1376
https://access.redhat.com/errata/RHSA-2017:2486
https://access.redhat.com/errata/RHSA-2017:2596
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755
https://security.gentoo.org/glsa/201610-01
https://security.netapp.com/advisory/ntap-20160623-0001/
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Copyright 2024, cxsecurity.com

 

Back to Top