ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Is DCS 6.x vulnerable to (CVE-2015-6420): Serialized-object interfaces in certain cases can allow remote attackers to execute arbitrary commands via a crafted serialized Java objects.

book

Article ID: 150328

calendar_today

Updated On:

Products

Data Center Security Monitoring Edition Data Center Security Server Data Center Security Server Advanced

Issue/Introduction

 

Resolution

The CVE-2015-6420 vulnerability has to do with serialized objects. DCS 6.x does not use java serialized objects in the server or console so we are not vulnerable to this.

The file in question here (commons-collections-3.2.1.jar) was added in DCS 6.0.0 This file is required and should not delete.

The file (commons-collections-3.2.1.jar) is found in the following locations in the DCS product:

\Console\lib
\Server\tomcat\symapps\console\sis-ui\WEB-INF\lib
\Server\WebConsole\lib