Commons-collections serialization Security Advisory [07 Dec 2015] -- CVE-2015-7501


Article ID: 42465




STARTER PACK-7 CA Rapid App Security CA API Gateway



It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.

CA Technologies has been reviewing the vulnerability against our product suite to ensure that we understand the full extent of this issue's coverage. Based on our findings, we have determined that this patch will include the changes necessary to address this issue.



Product(s) affected: CA API Gateway / Firewall / API Proxy / Mobile Access Gateway / CA API Developer Portal

Version(s): All versions


The remediation for this vulnerability is included in these files (links updated 11-10-2016):

CVE-2015-7501_post8.0.L7P (for API Gateway version 8.0 and higher, and for CA API Developer Portal)

CVE-2015-7501_pre8.0.L7P (for API Gateway version 7.x)

Note: Please be aware that any Release or Service Pack upgrade may require you to re-install this Patch. Please contact Support for more information.

Additional Information:

US-CERT/NIST has issued a security advisory, CVE-2015-7501.




Release: L7SMG299000-7.1-Mobile API Gateway-HARDWARE APPLIANCE DUAL CPU