PT-2015-3347 · Red Hat · Red Hat Fuse

Published: 2015-11-06 · Updated: 2026-05-19 · CVE-2015-7501

CVSS v2.0: 10.0 · Critical · Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Red Hat JBoss A-MQ versions 6.x
Red Hat BPM Suite (BPMS) versions 6.x
Red Hat BRMS versions 5.x and 6.x
Red Hat Data Grid (JDG) versions 6.x
Red Hat Data Virtualization (JDV) versions 5.x and 6.x
Red Hat Enterprise Application Platform versions 4.3.x, 5.x, and 6.x
Red Hat Fuse versions 6.x
Red Hat Fuse Service Works (FSW) versions 6.x
Red Hat Operations Network (JBoss ON) versions 3.x
Red Hat Portal versions 6.x
Red Hat SOA Platform (SOA-P) versions 5.x
Red Hat Web Server (JWS) versions 3.x
Red Hat OpenShift/xPaaS versions 3.x
Red Hat Subscription Asset Manager version 1.3

Description

The vulnerability is in the Apache Commons Collections (ACC) library. Several of its functor classes (InvokerTransformer, ChainedTransformer, ConstantTransformer and related classes) implement Serializable, and InvokerTransformer invokes an arbitrary method by reflection when it is executed. An attacker who can deliver a crafted serialized Java object to an application that deserializes untrusted data and has the library on its classpath can chain these classes so that deserialization itself performs attacker-chosen method calls, up to executing arbitrary commands. No application code beyond the ObjectInputStream.readObject() call is needed; the library only has to be present on the classpath. The resulting code runs with the permissions of the application that uses the commons-collections library. Typical entry points are any service that accepts serialized Java objects from the network, such as JMX, RMI and JMS listeners, or HTTP parameters and cookies that carry serialized state.

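The chain of classes described above is spelled out, by name, in the serialized stream before anything is instantiated: every class the stream will try to resolve appears in a TC_CLASSDESC record. That makes the payload recognisable in transit. The following Python helper is an added example for this page, not code from the advisory or from Red Hat or Apache; it walks a captured blob (raw or base64-wrapped, as seen in cookies and view state), lists the declared class names without deserializing anything, and flags the Apache Commons Collections functor and map classes used by this gadget chain. The sample streams, the application class name and the serialVersionUID values are constructed for illustration, and the 255-byte length cap and class-name regex are heuristics for triage rather than a full stream parser.

```python
"""Triage helper for CVE-2015-7501: list the classes a Java serialization
stream declares and flag Apache Commons Collections gadget classes.
Added example, not part of the advisory.  Nothing here instantiates objects,
so it is safe to run over hostile request bodies or JMX/RMI captures."""
import base64
import binascii
import re
import struct

JAVA_SERIAL_MAGIC = b"\xac\xed\x00\x05"   # STREAM_MAGIC + STREAM_VERSION
JAVA_SERIAL_MAGIC_B64 = b"rO0AB"           # same header once base64-encoded
TC_OBJECT, TC_CLASSDESC, TC_ENDBLOCKDATA, TC_NULL = 0x73, 0x72, 0x78, 0x70

# Functor packages of ACC 3.x and 4.x; InvokerTransformer & co. live here.
GADGET_PACKAGE_PREFIXES = (
    "org.apache.commons.collections.functors.",
    "org.apache.commons.collections4.functors.",
)
# Map decorators that run a Transformer on access (used to trigger the chain).
GADGET_CLASSES = {
    "org.apache.commons.collections.map.LazyMap",
    "org.apache.commons.collections.map.TransformedMap",
    "org.apache.commons.collections4.map.LazyMap",
    "org.apache.commons.collections4.map.TransformedMap",
}

# Binary class name as ObjectOutputStream writes it: dotted identifiers, or an
# array descriptor such as "[B" or "[Lcom.example.Foo;".
_CLASS_NAME_RE = re.compile(
    r"\[*L?[A-Za-z_$][A-Za-z0-9_$]*(\.[A-Za-z_$][A-Za-z0-9_$]*)*;?")


def extract_class_names(blob: bytes) -> list[str]:
    """Return class names declared by TC_CLASSDESC records, in stream order.

    Heuristic walk: a 0x72 byte followed by a 2-byte big-endian UTF length
    and a well-formed class name is taken as a class descriptor.  Returns []
    for anything that is not a Java serialization stream."""
    if blob.startswith(JAVA_SERIAL_MAGIC_B64):
        try:
            blob = base64.b64decode(blob)
        except (binascii.Error, ValueError):
            return []
    if not blob.startswith(JAVA_SERIAL_MAGIC):
        return []
    names: list[str] = []
    i = len(JAVA_SERIAL_MAGIC)
    while i <= len(blob) - 3:
        if blob[i] == TC_CLASSDESC:
            (length,) = struct.unpack(">H", blob[i + 1:i + 3])
            candidate = blob[i + 3:i + 3 + length]
            if 0 < length <= 255 and len(candidate) == length:
                text = candidate.decode("ascii", errors="replace")
                if _CLASS_NAME_RE.fullmatch(text):
                    names.append(text)
                    i += 3 + length      # skip past the name we just consumed
                    continue
        i += 1
    return names


def find_gadget_classes(blob: bytes) -> list[str]:
    """Subset of extract_class_names() that belongs to the ACC gadget chain."""
    return [
        name for name in extract_class_names(blob)
        if name in GADGET_CLASSES or name.startswith(GADGET_PACKAGE_PREFIXES)
    ]


def _class_desc(name: str, serial_version_uid: int = 0) -> bytes:
    """Minimal TC_CLASSDESC for a Serializable class with no fields.
    The SUID is a placeholder, not the class's real value."""
    encoded = name.encode("ascii")
    return (bytes([TC_CLASSDESC]) + struct.pack(">H", len(encoded)) + encoded
            + struct.pack(">q", serial_version_uid)
            + b"\x02"                              # classDescFlags: SC_SERIALIZABLE
            + b"\x00\x00"                          # field count: 0
            + bytes([TC_ENDBLOCKDATA, TC_NULL]))   # no annotations, no superclass


# Constructed sample streams: one declaring two ACC functors, one declaring a
# hypothetical application class.  Not captured traffic.
SAMPLE_GADGET_STREAM = (
    JAVA_SERIAL_MAGIC
    + bytes([TC_OBJECT])
    + _class_desc("org.apache.commons.collections.functors.ChainedTransformer")
    + bytes([TC_OBJECT])
    + _class_desc("org.apache.commons.collections.functors.InvokerTransformer")
)
SAMPLE_GADGET_STREAM_B64 = base64.b64encode(SAMPLE_GADGET_STREAM)
SAMPLE_BENIGN_STREAM = (
    JAVA_SERIAL_MAGIC + bytes([TC_OBJECT])
    + _class_desc("com.example.session.UserProfile")
)

if __name__ == "__main__":
    for label, blob in (("gadget", SAMPLE_GADGET_STREAM),
                        ("benign", SAMPLE_BENIGN_STREAM)):
        print(label, find_gadget_classes(blob))
```

Use it as a WAF/IDS signature or for log triage, not as the control: a detector of this kind only sees the class names it knows about, while the application's ObjectInputStream will happily resolve any other gadget on the classpath. The durable fix is the patched library plus restricting what the deserializer may resolve at all.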
Recommendations

For each of the products listed above, update to the release that includes the fix for the Apache Commons Collections library (the Red Hat advisories are listed under Related Identifiers). Upstream, the fix shipped in Apache Commons Collections 3.2.2 and 4.1, which no longer deserialize the unsafe functors (InvokerTransformer and related classes) by default; in 3.2.2 the old behaviour can be re-enabled with the system property org.apache.commons.collections.enableUnsafeSerialization, which should be left unset. Patching the library removes this particular gadget chain only. The underlying weakness is the deserialization of untrusted data: any endpoint that calls ObjectInputStream.readObject() on attacker-controlled bytes remains exposed to other gadget chains present on the classpath. Restrict which classes may be deserialized (a whitelisting look-ahead ObjectInputStream, or ObjectInputFilter on JDK releases that provide it), or avoid Java serialization for untrusted input altogether.

Exploit

Fix

RCE

Weakness Enumeration

Deserialization of Untrusted Data (CWE-502)

Related Identifiers

BDU:2017-02651
CESA-2015_2521
CESA-2015_2522
CVE-2015-7501
ELSA-2015-2521
ELSA-2015-2522
GHSA-FJQ5-5J5F-MVXH
MGASA-2016-0012
RHSA-2015:2500
RHSA-2015:2521
RHSA-2015:2522
RHSA-2015:2523
RHSA-2015:2535
RHSA-2015:2536
RHSA-2015:2538
RHSA-2015:2539
RHSA-2015:2540
RHSA-2015:2542
RHSA-2015:2671
RHSA-2015_2521
RHSA-2015_2522
RHSA-2015_2671
RHSA-2016:1773
RHSA-2020:4274

Affected Products

Apache Commons Collections
CentOS
Debian
Red Hat
Red Hat BPM Suite
Red Hat BRMS
Red Hat Data Grid
Red Hat Data Virtualization
Red Hat JBoss Enterprise Application Platform
Red Hat Fuse
Red Hat Fuse Service Works
Red Hat JBoss A-MQ
Red Hat OpenShift/xPaaS
Red Hat Operations Network
Red Hat Portal
Red Hat SOA Platform
Red Hat Subscription Asset Manager
Red Hat Web Server