Arbitrary Code Execution Vulnerability in the Apache Commons Collections Library in Multiple Cisco Products

admin 2022-07-12 07:34:25 CNNVD Vulnerabilities Source: ZONE.CI Global Network

Vulnerability Details

  • CNNVD ID: CNNVD-201512-420
  • Severity: Critical
  • CVE ID: CVE-2015-6420
  • Vulnerability type: Code issue
  • Published: 2015-12-15
  • Threat type: Remote
  • Updated: 2021-05-28
  • Vendor: apache
  • Vulnerability source: The Cisco Product ...

Vulnerability Summary

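Apache Commons Collections (ACC) is a component of Commons Proper (a repository of reusable Java components), part of the Apache Commons project of the Apache Software Foundation (USA). It extends or augments the Java Collections Framework.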

A security vulnerability exists in the Java deserialization process used in the ACC library of multiple Cisco products. A remote attacker can exploit this vulnerability to execute arbitrary code by submitting crafted input. The following products and versions are affected: Cisco Digital Life RMS 1.8.1.1, Broadband Access Center Telco Wireless 3.8.1; SocialMiner, WebEx Meetings Server 1.x and 2.x; NAC Agent for Windows; InTracer, Network Admission Control (NAC), Visual Quality Experience Server, Visual Quality Experience Tools Server; ASA CX and Cisco Prime Security Manager, Clean Access Manager, NAC Appliance (Clean Access Server), NAC Guest Server, NAC Server, Secure Access Control System (ACS); Access Registrar Appliance, Cloupia Unified Infrastructure Controller, Configuration Professional, Digital Media Manager, Insight Reporter, Prime Access Registrar Appliance, Prime Access Registrar, Prime Collaboration Provisioning, Prime Home, Prime LAN Management Solution (LMS - Solaris), Prime Optical for SPs, Prime Performance Manager, Prime Provisioning for SPs, Prime Provisioning, Prime Service Catalog Virtual Appliance, Security Manager, Data Center Analytics Framework (DCAF); Broadband Access Center Telco Wireless; Computer Telephony Integration Object Server (CTiOS), Hosted Collaboration Mediation Fulfillment, IM and Presence Service (CUPS), IP Interoperability and Collaboration System (IPICS), Management Heartbeat Server, MediaSense, MeetingPlace, Unified Communications Manager (UCM), Unified Communications Manager Session Management Edition (SME), Unified Contact Center Enterprise, Unified Intelligence Center, Unified Intelligent Contact Management Enterprise, Unified Sip Proxy; Media Experience Engines (MXE), Show and Share, TelePresence Exchange System (CTX), Videoscape Conductor; Business Video Services Automation Software (BV), Cloud Email Security, Registered Envelope Service (CRES), Unified Services Delivery Platform (CUSDP), Communication/Collaboration Sizing Tool, Virtual Machine Placement Tool, Unified Communications Upgrade Readiness Assessment, DCAF UCS Collector, Network Change and Configuration Management, Partner Supporting Service (PSS) 1.x, SI component of Partner Supporting Service, Serial Number Assessment Service (SNAS), Smart Net Total Care (SNTC).

Vulnerability Advisory

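The vendor has not yet released a fix for this security issue. Users of this software are advised to monitor the vendor's homepage or the reference URLs for a solution: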

http://www.cisco.com/

Reference URLs

Source: MLIST

Link: https://lists.apache.org/thread.HTML/r352e40ca9874d1beb4ad95403792adca7eb295e6bc3bd7b65fabcc21@%3Ccommits.samza.apache.org%3E

Source: CISCO

Link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-java-deserialization

Source: CERT-VN

Link: https://www.kb.cert.org/vuls/id/581311

Source: BID

Link: https://www.securityfocus.com/bid/78872

Source: CONFIRM

Link: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917

Source: CONFIRM

Link: http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.HTML

Source: CONFIRM

Link: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

Source: MISC

Link: https://www.tenable.com/security/research/tra-2017-14

Source: MISC

Link: https://www.tenable.com/security/research/tra-2017-23

Source: www.ibm.com

Link: https://www.ibm.com/support/docview.wss?uid=ibm10967469

Source: www.ibm.com

Link: https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-websphere-extreme-scale-liberty-deployment/

Source: www.ibm.com

Link: https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-identified-in-ibm-storediq/

Source: www.ibm.com

Link: https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-by-security-vulnerabilities-2/

Source: www.ibm.com

Link: https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerability-issues-affect-ibm-spectrum-symphony-7-3-1/

Source: www.ibm.com

Link: http://www.ibm.com/support/docview.wss?uid=ibm10958165

Source: tools.cisco.com

Link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-java-deserialization

Source: www.auscert.org.au

Link: https://www.auscert.org.au/bulletins/ESB-2019.3165/

Affected Entities

  • Apache Commons_collections:3.2.1
  • Apache Commons_collections:4.0

Patches

  • Fix for the arbitrary code execution vulnerability in the Apache Commons Collections library in multiple Cisco products
