{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-07-16T00:00:00", "descriptions": [{"lang": "en", "value": "The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-06-24T04:06:18", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"}, {"name": "RHSA-2017:2596", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:2596"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"}, {"name": "RHSA-2016:1376", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2016:1376"}, {"name": "GLSA-201610-01", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201610-01"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://groovy-lang.org/security.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/132714/Apache-Groovy-2.4.3-Code-Execution.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20160623-0001/"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"}, {"name": "RHSA-2016:0066", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0066.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"}, {"name": "91787", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/91787"}, {"tags": ["x_refsource_MISC"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-365/"}, {"name": "RHSA-2017:2486", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:2486"}, {"name": "1034815", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1034815"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"}, {"name": "75919", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/75919"}, {"name": "20150716 [CVE-2015-3253] Apache Groovy Zero-Day Vulnerability Disclosure", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/536012/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"name": "[shardingsphere-notifications] 20200623 [GitHub] [shardingsphere] liuqiankun93 opened a new issue #6180: The groovy-2.4.5-indy.jar has High-level security risks", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rbb8e16cc5acab183124572b655bdf5fe1d5b5f477dc267352426c7ed%40%3Cnotifications.shardingsphere.apache.org%3E"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-3253", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"}, {"name": "RHSA-2017:2596", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2596"}, {"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"}, {"name": "RHSA-2016:1376", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2016:1376"}, {"name": "GLSA-201610-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201610-01"}, {"name": "http://groovy-lang.org/security.html", "refsource": "CONFIRM", "url": "http://groovy-lang.org/security.html"}, {"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755", "refsource": "CONFIRM", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755"}, {"name": "http://packetstormsecurity.com/files/132714/Apache-Groovy-2.4.3-Code-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/132714/Apache-Groovy-2.4.3-Code-Execution.html"}, {"name": "https://security.netapp.com/advisory/ntap-20160623-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20160623-0001/"}, {"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"}, {"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"}, {"name": "RHSA-2016:0066", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0066.html"}, {"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"}, {"name": "91787", "refsource": "BID", "url": "http://www.securityfocus.com/bid/91787"}, {"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-365/", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-365/"}, {"name": "RHSA-2017:2486", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2486"}, {"name": "1034815", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034815"}, {"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"}, {"name": "75919", "refsource": "BID", "url": "http://www.securityfocus.com/bid/75919"}, {"name": "20150716 [CVE-2015-3253] Apache Groovy Zero-Day Vulnerability Disclosure", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/536012/100/0/threaded"}, {"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"}, {"name": "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"name": "[shardingsphere-notifications] 20200623 [GitHub] [shardingsphere] liuqiankun93 opened a new issue #6180: The groovy-2.4.5-indy.jar has High-level security risks", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rbb8e16cc5acab183124572b655bdf5fe1d5b5f477dc267352426c7ed@%3Cnotifications.shardingsphere.apache.org%3E"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T05:39:32.116Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"}, {"name": "RHSA-2017:2596", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:2596"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"}, {"name": "RHSA-2016:1376", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2016:1376"}, {"name": "GLSA-201610-01", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201610-01"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://groovy-lang.org/security.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/132714/Apache-Groovy-2.4.3-Code-Execution.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20160623-0001/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"}, {"name": "RHSA-2016:0066", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0066.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"}, {"name": "91787", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/91787"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-365/"}, {"name": "RHSA-2017:2486", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:2486"}, {"name": "1034815", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1034815"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"}, {"name": "75919", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/75919"}, {"name": "20150716 [CVE-2015-3253] Apache Groovy Zero-Day Vulnerability Disclosure", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/536012/100/0/threaded"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"name": "[shardingsphere-notifications] 20200623 [GitHub] [shardingsphere] liuqiankun93 opened a new issue #6180: The groovy-2.4.5-indy.jar has High-level security risks", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rbb8e16cc5acab183124572b655bdf5fe1d5b5f477dc267352426c7ed%40%3Cnotifications.shardingsphere.apache.org%3E"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-3253", "datePublished": "2015-08-13T14:00:00", "dateReserved": "2015-04-10T00:00:00", "dateUpdated": "2024-08-06T05:39:32.116Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:groovy:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "565A8A62-8F7E-4C3F-934C-F36B9A353D9B", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:1.7.0:beta_1:*:*:*:*:*:*", "matchCriteriaId": "15210A74-0E69-4F28-B356-8EA7ED0C3831", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:1.7.0:beta_2:*:*:*:*:*:*", "matchCriteriaId": "1FBE9618-5A18-401C-8D74-0EAA02D31553", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:1.7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9CA686E1-6384-4F43-8165-31C490909ACE", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:1.7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "94170FFD-A756-4BFC-8900-91E0D64CE6FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "97DB1B72-ACC3-4C82-A182-F1BD7766B01A", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "DDA45976-50A3-444F-8693-734CF07D0ED6", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:1.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "8082E398-371E-469E-B699-1B5AB0EEF676", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:1.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7B81590-6C49-48D6-A2E9-BA09B549159F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:1.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "2D3E726E-1043-4067-8AB4-02A08C52D7C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:1.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "30E267FA-A156-4880-822E-5A34094FC26E", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:1.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "789D66C8-8B94-4349-830F-D9A6D6C5FF35", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:1.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "B8AA186A-3061-49E2-996A-3405198BACB3", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:1.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "4118B67D-10CA-4373-ADC5-B7C1AA0B0814", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:1.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "0A559B2D-6F1B-40C8-A8F8-DC0F272D9C05", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:1.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "607B9E80-F763-4445-8CBE-AB30F81E9F79", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "49B6C53B-12DE-499E-BF11-21E988AE69E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:1.8.0:beta_1:*:*:*:*:*:*", "matchCriteriaId": "7DB271EE-55C6-420A-A4F3-1FCCC4A1E536", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:1.8.0:beta_2:*:*:*:*:*:*", "matchCriteriaId": "534CF3B2-1526-4939-8CA4-73C136139B37", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:1.8.0:beta_3:*:*:*:*:*:*", "matchCriteriaId": "6FE5ED10-9BE1-497C-BFF5-FB117D470868", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:1.8.0:beta_4:*:*:*:*:*:*", "matchCriteriaId": "41E75756-0D5C-497E-9C95-8F89C6CDD0A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:1.8.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "76050825-9A03-462F-9035-87EDC0E32091", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:1.8.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "41313322-E506-46F2-BB0C-F0F90E9C8F66", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:1.8.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "7F9A2859-681A-43DE-8282-F7AE72EC5670", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:1.8.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "7646FEB3-83B2-4951-A3C9-863B4938FB98", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "566A91C5-672E-458D-896C-481E40F116D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "15F6843B-12C7-4E7D-986B-0EE7098A2BE4", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:1.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "86911526-4911-4EF4-A5FB-742F2F23C283", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:1.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "38620A98-0F48-4BB2-8FEA-D00796713056", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:1.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "F0EF6781-95D4-4908-A55D-888F694BF468", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:1.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "BCB846E3-8D81-44B1-8C9A-CF68E93D68ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:1.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "19503EAB-5637-4075-9A29-892F7395E743", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:1.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "96768F0A-E177-471F-8197-EFF56CE0FD17", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:1.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "8062ACA3-BEA2-46CC-99C7-F6AE92E4130E", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "E7F78C79-0F93-4E38-972C-03DEC7CDCDD1", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:1.9.0:beta_1:*:*:*:*:*:*", "matchCriteriaId": "A382D9C5-DE4F-4A0A-8D2E-D5B7CE152A9B", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:1.9.0:beta_3:*:*:*:*:*:*", "matchCriteriaId": "2E1D3896-B64A-45FA-B861-775D834E8D3C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:1.9.0:beta_4:*:*:*:*:*:*", "matchCriteriaId": "94B67066-EDC2-4852-A092-D9E5BD3DAE2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "34AE23A0-2A65-4E7F-869F-3A41C3F6565B", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.0.0:beta_1:*:*:*:*:*:*", "matchCriteriaId": "5E9B8472-DB38-4EE9-83D0-C4A1DE44EB4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.0.0:beta_2:*:*:*:*:*:*", "matchCriteriaId": "61F98F74-5405-4E32-B944-9FCD1D744B49", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.0.0:beta_3:*:*:*:*:*:*", "matchCriteriaId": "CBD11E3A-C94A-464E-8584-5841872B3E51", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "B791A7E8-5DE3-4B76-97F7-218B79E0ADE6", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "F78F0F9F-6A17-436B-979B-0F2EF00A4860", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "D9DFB6E8-7A3D-4F31-AF7C-D35BA2133EE1", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.0.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "F3E8BFC0-1EF8-4643-84BF-6513A7D36AC6", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "16C0C857-A41F-429E-BD7F-16D7CC14A51C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "9ABCD368-372F-4B11-932B-25835A5F1166", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "07710AAB-E7D6-4600-AE17-A4B9411F5BD7", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "2D12AB90-D1A6-4C7B-BEA1-E58D17FE97A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "37625E89-604B-4752-8A0D-0FCF18087AD9", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "C5360B48-32BE-4FE4-AE6C-28EF84F47C6D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "E2BAA2EA-3C54-498A-A36B-09D6EF699E8F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "50377CE0-189E-421D-A1C7-AFC7BCBE9853", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "35E15550-2DF5-468D-AE6C-079AFB748ABA", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.1.0:beta_1:*:*:*:*:*:*", "matchCriteriaId": "D37474B0-0EDB-4737-A190-F099AA0EC348", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9BDBE78B-64A5-492C-A86D-1D2987C2C0B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.1.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "2DC63DA9-4234-42BE-A76A-4564FA2936E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.1.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "57557B0C-A098-491B-BC71-97B1F3E707E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "51D24DF2-56FE-426D-925F-BF1D48A6C45A", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "8393D1C7-BA26-4589-8CF4-4A9C6F2F9436", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "E12A9163-017E-40D5-B3B2-DCEF912F3CBD", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "AE6AB4B1-47F3-4955-A5F8-46870569D2E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "69884871-DE94-481A-B890-8385BA585B98", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "A46A0844-9BF9-4D0B-91FA-3D2B979E8F0D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "2A898188-E98A-479C-9ED8-3FD9691299CB", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "1A3C399D-AE93-401C-9BA0-A5D443624CB6", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "1C7E3BA4-5E49-4E09-999A-629C36C20E46", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "B4DCC641-2C37-4F21-8963-7008C5DA35B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.2.0:beta_1:*:*:*:*:*:*", "matchCriteriaId": "1BC9559B-A23E-4B08-9E02-49829B2DB9AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.2.0:beta_2:*:*:*:*:*:*", "matchCriteriaId": "526A1F0B-3F77-4A9C-9223-3523C3E2F0E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "969A19E4-3AB0-4C59-BDCE-44E853A395C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.2.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "72927C4F-377E-423A-A687-4036E330436D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.2.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "355D2577-34C8-4756-B7B4-F55B13D65ACA", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "1D614336-6677-42AD-8CFB-8B61486BFB25", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "2C4F207A-48DE-4460-8C53-E34D2E1C3ADE", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "4BB2F67B-CD0C-458E-A0EA-AF17EF8620BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.3.0:beta_1:*:*:*:*:*:*", "matchCriteriaId": "A3688447-B686-4891-844D-327DCDC71284", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.3.0:beta_2:*:*:*:*:*:*", "matchCriteriaId": "6E958086-18A5-4F0B-938D-E00634BC117F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.3.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "B773B2C0-DC4D-4E9B-B484-96C1587CCF2C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.3.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "19F1095C-C1A3-427C-8149-BA030F2B3035", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.3.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "FC8AEB6E-B8EA-49A2-96A3-CD37A9B32F73", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C8E8367-DC45-4477-A688-B8962EFECCAA", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "58A60CE0-48AB-4FE1-8999-D398CA4F6B6C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "8DDD1340-FE0B-49AA-981D-F30FDAC56F90", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "CBDDF4CF-A5EE-45AB-9283-67F2AA4630BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "1E5698C9-D5EA-4D7B-A495-BB3179F3D7E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "EEB8ED44-7A1E-4B78-BF54-F596F94909B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "A08181CD-D0C4-4DF4-A0AC-50DD9330F8AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "1531317F-0F79-47CD-9DC7-6683B23E891E", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "B73D9E09-E5BE-4C75-8C20-91640FC0FA97", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "4AA55ECE-FD75-4708-BE4E-6FF599365EB7", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "593D33D0-744A-4DF8-B7D8-A3B85CDF20C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E02C5676-5F69-4AB9-BFF3-76878DD20EBC", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.4.0:beta_1:*:*:*:*:*:*", "matchCriteriaId": "8ABF7825-996E-4162-97BA-F3517536A43E", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.4.0:beta_2:*:*:*:*:*:*", "matchCriteriaId": "01944C65-F293-4896-9BB7-89A550F452F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.4.0:beta_3:*:*:*:*:*:*", "matchCriteriaId": "9EB1A0ED-7970-47F2-871B-700813F8E57B", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.4.0:beta_4:*:*:*:*:*:*", "matchCriteriaId": "E7EC503A-A8EB-4C4A-ADBA-303A363F5448", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.4.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "C7ED98A3-78BD-4F5E-B35F-13CE90C7C197", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.4.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "030FEF45-5B99-4778-B2DB-1C340F01F8FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "F32F6302-043E-425A-AB23-E298409B243D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "41EFA07D-645A-42BB-B909-D9F95C050F49", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:groovy:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "82B15E03-7CFA-464D-A7D3-8DAF9FAF25FD", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:health_sciences_clinical_development_center:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "25868228-0213-4C06-B4B0-5E504121C96A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:health_sciences_clinical_development_center:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A0B53A9E-1C92-4F07-A68F-86F9EF393268", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_order_broker_cloud_service:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "5868A1C3-269C-4513-A52A-2BAA524ECA13", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_order_broker_cloud_service:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "C1805C8F-2487-436C-B1DE-5EBC5687F38E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_order_broker_cloud_service:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "AA9A5354-415D-44F3-8B59-C2177D1244A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_order_broker_cloud_service:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "3B9763AF-282B-40C7-B35C-4CA8C22FDC76", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_service_backbone:13.0:*:*:*:*:*:*:*", "matchCriteriaId": "5DE85F32-AA14-4932-A265-4163DF0331AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_service_backbone:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "B47231C8-15DD-4ABA-86D5-CB6EEF23F587", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_service_backbone:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "3ACA9AD3-AAFA-439C-8839-62C9977D52BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_service_backbone:14.0:*:*:*:*:*:*:*", "matchCriteriaId": "69334F96-5759-4475-9931-038C98109D53", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*", "matchCriteriaId": "378A6656-252B-4929-83EA-BC107FDFD357", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "363395FA-C296-4B2B-9D6F-BCB8DBE6FACE", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "B28BA80D-9179-4A1A-A49B-5F110EF53072", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:14.0:*:*:*:*:*:*:*", "matchCriteriaId": "62235B8C-F221-43D5-BA95-D9127D38C28B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:14.1:*:*:*:*:*:*:*", "matchCriteriaId": "C1933509-1BEA-45DA-B6AF-2713B432B1F5", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "1BB4709C-6373-43CC-918C-876A6569865A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:webcenter_sites:12.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "E9A1595B-38E3-4444-A7C6-7BF310EF7E69", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object."}, {"lang": "es", "value": "Vulnerabilidad en la clase MethodClosure en runtime/MethodClosure.java en Apache Groovy desde la versi\u00f3n 1.7.0 hasta la versi\u00f3n 2.4.3, permite a atacantes remotos ejecutar c\u00f3digo arbitrario y causar una denegaci\u00f3n de servicio a trav\u00e9s de un objeto serializado manipulado."}], "id": "CVE-2015-3253", "lastModified": "2023-11-07T02:25:33.407", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2015-08-13T14:59:02.377", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://groovy-lang.org/security.html"}, {"source": "secalert@redhat.com", "tags": ["Mitigation", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/132714/Apache-Groovy-2.4.3-Code-Execution.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2016-0066.html"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/536012/100/0/threaded"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/75919"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/91787"}, {"source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id/1034815"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-365/"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2016:1376"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2017:2486"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2017:2596"}, {"source": "secalert@redhat.com", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rbb8e16cc5acab183124572b655bdf5fe1d5b5f477dc267352426c7ed%40%3Cnotifications.shardingsphere.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/201610-01"}, {"source": "secalert@redhat.com", "url": "https://security.netapp.com/advisory/ntap-20160623-0001/"}, {"source": "secalert@redhat.com", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"source": "secalert@redhat.com", "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2017:2486", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "groovy-0:1.8.9-8.el7_4", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-08-17T00:00:00Z"}, {"advisory": "RHSA-2015:2557", "cpe": "cpe:/a:redhat:jboss_amq:6.2", "product_name": "Red Hat JBoss A-MQ 6.2", "release_date": "2015-12-07T00:00:00Z"}, {"advisory": "RHSA-2016:0066", "cpe": "cpe:/a:redhat:jboss_data_virtualization:6.2", "impact": "moderate", "package": "groovy-all", "product_name": "Red Hat JBoss Data Virtualization 6.2", "release_date": "2016-01-25T00:00:00Z"}, {"advisory": "RHSA-2015:2556", "cpe": "cpe:/a:redhat:jboss_fuse:6.2", "product_name": "Red Hat JBoss Fuse 6.2", "release_date": "2015-12-07T00:00:00Z"}, {"advisory": "RHSA-2015:2558", "cpe": "cpe:/a:redhat:jboss_fuse_service_works:6.2", "product_name": "Red Hat JBoss Fuse Service Works 6.2", "release_date": "2015-12-07T00:00:00Z"}, {"advisory": "RHSA-2016:0118", "cpe": "cpe:/a:redhat:jboss_operations_network:3.3", "package": "groovy-all", "product_name": "Red Hat JBoss Operations Network 3.3", "release_date": "2016-02-03T00:00:00Z"}, {"advisory": "RHSA-2016:1376", "cpe": "cpe:/a:redhat:jboss_enterprise_soa_platform:5.3", "package": "grovy-all", "product_name": "Red Hat JBoss SOA Platform 5.3", "release_date": "2016-06-30T00:00:00Z"}, {"advisory": "RHSA-2017:2596", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "rh-maven33-groovy-0:1.8.9-7.19.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2596", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "rh-maven33-groovy-0:1.8.9-7.19.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2596", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-maven33-groovy-0:1.8.9-7.19.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2017-09-05T00:00:00Z"}, {"advisory": "RHSA-2017:2596", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-maven33-groovy-0:1.8.9-7.19.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS", "release_date": "2017-09-05T00:00:00Z"}], "bugzilla": {"description": "groovy: remote execution of untrusted code in class MethodClosure", "id": "1243934", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243934"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "verified"}, "cvss3": {"cvss3_base_score": "9.6", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-502->CWE-284", "details": ["The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object.", "A flaw was discovered in the way applications using Groovy used the standard Java serialization mechanism. A remote attacker could use a specially crafted serialized object that would execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects are subject to this vulnerability."], "mitigation": {"lang": "en:us", "value": "Apply the following patch on the MethodClosure class (src/main/org/codehaus/groovy/runtime/MethodClosure.java):\npublic class MethodClosure extends Closure {\n+ private Object readResolve() {\n+ throw new UnsupportedOperationException();\n+ \n}\nAlternatively, you should make sure to use a custom security policy file (using the standard Java security manager) or make sure that you do not rely on serialization to communicate remotely."}, "name": "CVE-2015-3253", "package_state": [{"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:6", "fix_state": "Not affected", "package_name": "groovy-all", "product_name": "Red Hat BPM Suite 6"}, {"cpe": "cpe:/a:redhat:enterprise_linux:7::hypervisor", "fix_state": "Affected", "package_name": "jasperreports-server-pro", "product_name": "Red Hat Enterprise Virtualization 3"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:5", "fix_state": "Will not fix", "package_name": "groovy-all", "product_name": "Red Hat JBoss BRMS 5"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5", "fix_state": "Will not fix", "package_name": "groovy-all", "product_name": "Red Hat JBoss Enterprise Application Platform 5"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Affected", "package_name": "fuse", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:jboss_fuse_service_works:6", "fix_state": "Affected", "package_name": "groovy-all", "product_name": "Red Hat JBoss Fuse Service Works 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_portal_platform:6", "fix_state": "Affected", "package_name": "groovy-all", "product_name": "Red Hat JBoss Portal 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_soa_platform:4", "fix_state": "Will not fix", "package_name": "groovy-all", "product_name": "Red Hat JBoss SOA Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:2", "fix_state": "Will not fix", "package_name": "jenkins", "product_name": "Red Hat OpenShift Enterprise 2"}], "public_date": "2015-07-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-3253\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3253\nhttp://seclists.org/oss-sec/2015/q3/121"], "threat_severity": "Important", "upstream_fix": "Groovy 2.4.4"}