High severity 8.1 · NVD Advisory · Published Apr 7, 2016 · Updated Jun 17, 2026
CVE-2016-2510
Description
BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.apache-extras.beanshell:bsh (Maven) | < 2.0b6 | 2.0b6 |
Affected products
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
- ghsa-coords (5 versions):
  - pkg:maven/org.apache-extras.beanshell/bsh
  - pkg:rpm/opensuse/bsh2&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/bsh2&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
  - pkg:rpm/suse/bsh2&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012
  - pkg:rpm/suse/bsh2&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1
- (no CPE) range: < 2.0b6
- (no CPE) range: < 2.0.0.b6-2.7
- (no CPE) range: < 2.0-318.1
- (no CPE) range: < 2.0.0.b5-3.2
- (no CPE) range: < 2.0.0.b5-3.2
References
- github.com/beanshell/beanshell/commit/1ccc66bb693d4e46a34a904db8eeff07808d2ced [nvd; Patch; Third Party Advisory; WEB]
- github.com/beanshell/beanshell/commit/7c68fde2d6fc65e362f20863d868c112a90a9b49 [nvd; Patch; Third Party Advisory; WEB]
- github.com/beanshell/beanshell/releases/tag/2.0b6 [nvd; Patch; Third Party Advisory; WEB]
- github.com/frohoff/ysoserial/pull/13 [nvd; Exploit; Third Party Advisory; WEB]
- www.rsaconference.com/writable/presentations/file_upload/asd-f03-serial-killer-silently-pwning-your-java-endpoints.pdf [nvd; Exploit; Third Party Advisory; WEB]
- lists.opensuse.org/opensuse-security-announce/2016-03/msg00056.html [nvd; Mailing List; Third Party Advisory; WEB]
- lists.opensuse.org/opensuse-security-announce/2016-03/msg00078.html [nvd; Mailing List; Third Party Advisory; WEB]
- rhn.redhat.com/errata/RHSA-2016-0539.html [nvd; Third Party Advisory; WEB]
- rhn.redhat.com/errata/RHSA-2016-0540.html [nvd; Third Party Advisory; WEB]
- rhn.redhat.com/errata/RHSA-2016-2035.html [nvd; Third Party Advisory; WEB]
- www.debian.org/security/2016/dsa-3504 [nvd; Third Party Advisory; WEB]
- www.securityfocus.com/bid/84139 [nvd; Third Party Advisory; VDB Entry]
- www.securitytracker.com/id/1035440 [nvd; Third Party Advisory; VDB Entry]
- www.ubuntu.com/usn/USN-2923-1 [nvd; Third Party Advisory; WEB]
- access.redhat.com/errata/RHSA-2016:1135 [nvd; Third Party Advisory; WEB]
- access.redhat.com/errata/RHSA-2016:1376 [nvd; Third Party Advisory; WEB]
- access.redhat.com/errata/RHSA-2019:1545 [nvd; Third Party Advisory; WEB]
- github.com/advisories/GHSA-gxg6-rc6c-v673 [ghsa; ADVISORY]
- nvd.nist.gov/vuln/detail/CVE-2016-2510 [ghsa; ADVISORY]
- security.gentoo.org/glsa/201607-17 [nvd; Third Party Advisory; WEB]
- www.oracle.com/security-alerts/cpuoct2020.html [nvd; WEB]