IBM WebSphere Management Server Apache Commons

Added: 02/03/2016
CVE: CVE-2015-7450

Background

IBM WebSphere Management console 7.x and 8.5.0 - 8.5.5.7 are packaged with a vulnerable version of the Apache Commons package.

Problem

Apache Commons Collections could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of data with Java InvokerTransformer class. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary Java code on the system.

Limitations

This exploit was tested against WebSphere 8.5.5.1 on Redhat Enterprise Linux 7.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21970575

Resolution

Install the patch provided in IBM security bulletin swg21970575.

Platforms

Linux

Back to exploit index