Back to search
CVE-2016-2170
Published: Apr 12, 2016
Modified: Aug 5, 2024
PUBLISHED
Description
Apache OFBiz 12.04.x before 12.04.06 and 13.07.x before 13.07.03 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://ofbiz.apache.org/download.html#vulnerabilities
x_refsource_CONFIRM
https://blogs.apache.org/ofbiz/entry/announce_apache_ofbiz_12_04
x_refsource_CONFIRM
1035513
vdb-entry
x_refsource_SECTRACK
https://issues.apache.org/jira/browse/OFBIZ-6726
x_refsource_CONFIRM
20160408 CVE-2016-2170: Apache OFBiz information disclosure vulnerability
mailing-list
x_refsource_BUGTRAQ
https://blogs.apache.org/ofbiz/entry/announce_apache_ofbiz_13_07
x_refsource_CONFIRM
[ofbiz-dev] 20210325 Comment out the SOAP and HTTP engines?
mailing-list
x_refsource_MLIST
[ofbiz-dev] 20210325 Re: Comment out the SOAP and HTTP engines?
mailing-list
x_refsource_MLIST
[ofbiz-dev] 20210329 Re: Comment out the SOAP and HTTP engines?
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now