CVE-2015-4852 (High) detected in commons-collections4-4.0.jar #222
Description
CVE-2015-4852 - High Severity Vulnerability
Vulnerable Library - commons-collections4-4.0.jar
The Apache Commons Collections package contains types that extend and augment the Java Collections Framework.
Path to dependency file: cloud-pipeline/vm-monitor/build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.apache.commons/commons-collections4/4.0/da217367fd25e88df52ba79e47658d4cf928b0d1/commons-collections4-4.0.jar,canner/.gradle/caches/modules-2/files-2.1/org.apache.commons/commons-collections4/4.0/da217367fd25e88df52ba79e47658d4cf928b0d1/commons-collections4-4.0.jar
Dependency Hierarchy:
- ❌ commons-collections4-4.0.jar (Vulnerable Library)
Found in HEAD commit: 1db3170e0bd699acd5fec6e3fcebfa68fe86edcf
Found in base branch: develop
Vulnerability Details
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar. NOTE: the scope of this CVE is limited to the WebLogic Server product.
Publish Date: 2015-11-18
URL: CVE-2015-4852
CVSS 2 Score Details (7.5)
Base Score Metrics not available
Suggested Fix
Type: Upgrade version
Origin: https://www.openwall.com/lists/oss-security/2015/11/17/19
Release Date: 2015-11-18
Fix Resolution: commons-collections:commons-collections:3.2.2
⛑️ Automatic Remediation is available for this issue