Critical severity9.8NVD Advisory· Published Nov 9, 2017· Updated May 13, 2026
CVE-2015-7501
CVE-2015-7501
Description
Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
commons-collections:commons-collectionsMaven | < 3.2.2 | 3.2.2 |
org.apache.commons:commons-collections4Maven | < 4.1 | 4.1 |
org.apache.servicemix.bundles:org.apache.servicemix.bundles.commons-collectionsMaven | >= 3.2.1 | — |
org.apache.servicemix.bundles:org.apache.servicemix.bundles.collections-genericMaven | >= 4.01 | — |
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
36- www.securityfocus.com/bid/78215nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1034097nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1037052nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1037053nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1037640nvdThird Party AdvisoryVDB Entry
- access.redhat.com/security/vulnerabilities/2059393nvdVendor AdvisoryWEB
- access.redhat.com/solutions/2045023nvdVendor AdvisoryWEB
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party AdvisoryVDB EntryVendor AdvisoryWEB
- github.com/advisories/GHSA-fjq5-5j5f-mvxhghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2015-7501ghsaADVISORY
- rhn.redhat.com/errata/RHSA-2016-1773.htmlnvdWEB
- arxiv.org/pdf/2306.05534.pdfghsaWEB
- commons.apache.org/proper/commons-collections/release_4_1.htmlghsaWEB
- foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerabilityghsaWEB
- github.com/jensdietrich/xshady-release/tree/main/CVE-2015-7501ghsaWEB
- issues.apache.org/jira/browse/COLLECTIONS-580.ghsaWEB
- sourceforge.net/p/collections/code/HEAD/treeghsaWEB
- rhn.redhat.com/errata/RHSA-2015-2500.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-2501.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-2502.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-2514.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-2516.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-2517.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-2521.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-2522.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-2524.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-2670.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-2671.htmlnvd
- rhn.redhat.com/errata/RHSA-2016-0040.htmlnvd
- www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlnvd
- www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlnvd
- www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlnvd
- www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-2536.htmlnvd
- security.netapp.com/advisory/ntap-20240216-0010/nvd
- www.oracle.com/security-alerts/cpujul2020.htmlnvd
News mentions
0No linked articles in our index yet.