PT-2016-4953 · Apache+1 · Apache Commons Collections+1
Published: 2016-05-30 · Updated: 2016-12-01
CVE-2016-1999
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
HP Release Control versions 9.13 through 9.21
Description
The issue allows remote attackers to execute arbitrary commands on the server via a crafted serialized Java object, related to the Apache Commons Collections library.
Recommendations
For HP Release Control versions 9.13 through 9.21, update to a version that includes a fix for the Apache Commons Collections library issue to prevent remote command execution.
Fix
Improper Access Control
Weakness Enumeration
Related Identifiers
Affected Products
Apache Commons Collections
HP Release Control