Is DCS 6.x vulnerable to CVE-2015-6420? Serialized-object interfaces in certain cases can allow remote attackers to execute arbitrary commands via a crafted serialized Java object.


Article ID: 150328


Updated On:

Products

Data Center Security Monitoring Edition, Data Center Security Server, Data Center Security Server Advanced

Issue/Introduction

 

Resolution

The CVE-2015-6420 vulnerability relates to Java serialized objects. DCS 6.x does not use Java serialized objects in the server or console, so it is not vulnerable to this issue.

The file in question (commons-collections-3.2.1.jar) was added in DCS 6.0.0. This file is required and should not be deleted.

The file (commons-collections-3.2.1.jar) is found in the following locations in the DCS product:

\Console\lib
\Server\tomcat\symapps\console\sis-ui\WEB-INF\lib
\Server\WebConsole\lib
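
When a scanner flags this jar, it helps to record where each copy sits and confirm that none has been removed. The following sketch is an added example, not part of the original article or the product; it checks the three locations listed above under an install root supplied by the caller (the root path is an assumption and is site-specific).

```python
import hashlib
import sys
import zipfile
from pathlib import Path

JAR_NAME = "commons-collections-3.2.1.jar"
# Relative locations listed in this article; the install root is supplied by the caller.
JAR_DIRS = [
    ("Console", "lib"),
    ("Server", "tomcat", "symapps", "console", "sis-ui", "WEB-INF", "lib"),
    ("Server", "WebConsole", "lib"),
]


def manifest_version(jar_path):
    """Return Implementation-Version from the jar manifest, or None if unavailable."""
    try:
        with zipfile.ZipFile(jar_path) as jar:
            text = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except (KeyError, zipfile.BadZipFile):
        return None  # no manifest entry, or the file is not a readable jar
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "implementation-version":
            return value.strip()
    return None


def audit(install_root):
    """Report presence, manifest version and SHA-256 of the jar in each listed location."""
    results = []
    for parts in JAR_DIRS:
        path = Path(install_root).joinpath(*parts, JAR_NAME)
        entry = {"path": str(path), "present": path.is_file(),
                 "version": None, "sha256": None}
        if entry["present"]:
            entry["version"] = manifest_version(path)
            entry["sha256"] = hashlib.sha256(path.read_bytes()).hexdigest()
        results.append(entry)
    return results


if __name__ == "__main__":
    # Argument: DCS install root (assumed; defaults to the current directory).
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for row in audit(root):
        print(row)
```

A location reported with `present` set to `False` means the required file is missing there; the hashes can be kept with the scanner exception record.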