← Back

CVE-2015-3253

nvd nist
Published: Aug 13, 2015Modified: May 6, 2026

JSON object

Loading...
9.8
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object.

Affected (120)

Apache
1 product
Groovy
Oracle
5 products
Health Sciences Clinical Development Center
Retail Order Broker Cloud Service
Retail Service Backbone
Retail Store Inventory Management
Webcenter Sites
Configuration A
103 vulnerable
Vulnerable SoftwareAffected Versions
Apache
Groovy
Version 1.7.0
Groovy
Version 1.7.0 beta_1
Groovy
Version 1.7.0 beta_2
Groovy
Version 1.7.0 rc1
Groovy
Version 1.7.0 rc2
Groovy
Version 1.7.10
Groovy
Version 1.7.11
Groovy
Version 1.7.1
Groovy
Version 1.7.2
Groovy
Version 1.7.3
Groovy
Version 1.7.4
Groovy
Version 1.7.5
Groovy
Version 1.7.6
Groovy
Version 1.7.7
Groovy
Version 1.7.8
Groovy
Version 1.7.9
Groovy
Version 1.8.0
Groovy
Version 1.8.0 beta_1
Groovy
Version 1.8.0 beta_2
Groovy
Version 1.8.0 beta_3
Groovy
Version 1.8.0 beta_4
Groovy
Version 1.8.0 rc1
Groovy
Version 1.8.0 rc2
Groovy
Version 1.8.0 rc3
Groovy
Version 1.8.0 rc4
Groovy
Version 1.8.1
Groovy
Version 1.8.2
Groovy
Version 1.8.3
Groovy
Version 1.8.4
Groovy
Version 1.8.5
Groovy
Version 1.8.6
Groovy
Version 1.8.7
Groovy
Version 1.8.8
Groovy
Version 1.8.9
Groovy
Version 1.9.0
Groovy
Version 1.9.0 beta_1
Groovy
Version 1.9.0 beta_3
Groovy
Version 1.9.0 beta_4
Groovy
Version 2.0.0
Groovy
Version 2.0.0 beta_1
Groovy
Version 2.0.0 beta_2
Groovy
Version 2.0.0 beta_3
Groovy
Version 2.0.0 rc1
Groovy
Version 2.0.0 rc2
Groovy
Version 2.0.0 rc3
Groovy
Version 2.0.0 rc4
Groovy
Version 2.0.1
Groovy
Version 2.0.2
Groovy
Version 2.0.3
Groovy
Version 2.0.4
Groovy
Version 2.0.5
Groovy
Version 2.0.6
Groovy
Version 2.0.7
Groovy
Version 2.0.8
Groovy
Version 2.1.0
Groovy
Version 2.1.0 beta_1
Groovy
Version 2.1.0 rc1
Groovy
Version 2.1.0 rc2
Groovy
Version 2.1.0 rc3
Groovy
Version 2.1.1
Groovy
Version 2.1.2
Groovy
Version 2.1.3
Groovy
Version 2.1.4
Groovy
Version 2.1.5
Groovy
Version 2.1.6
Groovy
Version 2.1.7
Groovy
Version 2.1.8
Groovy
Version 2.1.9
Groovy
Version 2.2.0
Groovy
Version 2.2.0 beta_1
Groovy
Version 2.2.0 beta_2
Groovy
Version 2.2.0 rc1
Groovy
Version 2.2.0 rc2
Groovy
Version 2.2.0 rc3
Groovy
Version 2.2.1
Groovy
Version 2.2.2
Groovy
Version 2.3.0
Groovy
Version 2.3.0 beta_1
Groovy
Version 2.3.0 beta_2
Groovy
Version 2.3.0 rc1
Groovy
Version 2.3.0 rc2
Groovy
Version 2.3.0 rc3
Groovy
Version 2.3.10
Groovy
Version 2.3.11
Groovy
Version 2.3.1
Groovy
Version 2.3.2
Groovy
Version 2.3.3
Groovy
Version 2.3.4
Groovy
Version 2.3.5
Groovy
Version 2.3.6
Groovy
Version 2.3.7
Groovy
Version 2.3.8
Groovy
Version 2.3.9
Groovy
Version 2.4.0
Groovy
Version 2.4.0 beta_1
Groovy
Version 2.4.0 beta_2
Groovy
Version 2.4.0 beta_3
Groovy
Version 2.4.0 beta_4
Groovy
Version 2.4.0 rc1
Groovy
Version 2.4.0 rc2
Groovy
Version 2.4.1
Groovy
Version 2.4.2
Groovy
Version 2.4.3
Configuration B
15 vulnerable
Vulnerable SoftwareAffected Versions
Oracle
Health Sciences Clinical Development Center
Version 3.1.1
Health Sciences Clinical Development Center
Version 3.1.2
Oracle
Retail Order Broker Cloud Service
Version 15.0
Retail Order Broker Cloud Service
Version 4.1
Retail Order Broker Cloud Service
Version 5.1
Retail Order Broker Cloud Service
Version 5.2
Oracle
Retail Service Backbone
Version 13.0
Retail Service Backbone
Version 13.1
Retail Service Backbone
Version 13.2
Retail Service Backbone
Version 14.0
Retail Service Backbone
Version 14.1
Retail Service Backbone
Version 15.0
Oracle
Retail Store Inventory Management
Version 13.2
Retail Store Inventory Management
Version 14.0
Retail Store Inventory Management
Version 14.1
Configuration C
2 vulnerable
Vulnerable SoftwareAffected Versions
Oracle
Webcenter Sites
Version 11.1.1.8.0
Webcenter Sites
Version 12.2.1

Related CWEs

CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

References (46)

Source: secalert@redhat.com
Vendor Advisory
Source: secalert@redhat.com
MitigationThird Party AdvisoryVDB Entry
Source: secalert@redhat.com
Source: secalert@redhat.com
PatchThird Party Advisory
Source: secalert@redhat.com
Source: secalert@redhat.com
PatchThird Party Advisory
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Third Party AdvisoryVDB Entry
Source: secalert@redhat.com
Third Party AdvisoryVDB Entry
Source: secalert@redhat.com
Source: secalert@redhat.com
Third Party AdvisoryVDB Entry
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.