CVE-2015-3253
CVE-2015-3253
The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://groovy-lang.org/security.htmlhttp://packetstormsecurity.com/files/132714/Apache-Groovy-2.4.3-Code-Execution.htmlhttp://rhn.redhat.com/errata/RHSA-2016-0066.htmlhttps://access.redhat.com/errata/RHSA-2016:1376https://access.redhat.com/errata/RHSA-2017:2486https://access.redhat.com/errata/RHSA-2017:2596https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755https://lists.apache.org/thread.html/rbb8e16cc5acab183124572b655bdf5fe1d5b5f477dc267352426c7ed%40%3Cnotifications.shardingsphere.apache.org%3Ehttps://security.gentoo.org/glsa/201610-01https://security.netapp.com/advisory/ntap-20160623-0001/https://www.oracle.com/security-alerts/cpuapr2020.htmlhttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html