CVE-2015-6420

About vulnerability

Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Service Provider; Unified Computing; Voice and Unified Communications Devices; Video, Streaming, TelePresence, and Transcoding Devices; Wireless; and Cisco Hosted Services products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

Affected product:

Apache Commons , Apache Hadoop , Apache Hive , Apache Maven , Apache Spark , Apache Struts , Apache Velocity , Plexus , Spring , acegi-security , avalon , avro , bookkeeper-common-allocator , cocoon , creadur-rat , cxf , directory-ldap-api , dropwizard-metrics-hadoop-metrics2-reporter , druid , elasticsearch , groovy , hbase , htmlunit , jackrabbit , jasperreports , java-opensaml , logging-flume , logging-log4j2 , myfaces , neo4j-ogm , ws-wss4j

Affected packages:

spring-boot-security-test-web-helloworld @ 1.5.22.RELEASE (+1094 more)

Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Service Provider; Unified Computing; Voice and Unified Communications Devices; Video, Streaming, TelePresence, and Transcoding Devices; Wireless; and Cisco Hosted Services products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.