CVE-2015-3253

9.8CRITICAL

Key Information:

Vendor: Apache
Status: Groovy
Vendor: CVE Published:; 13 August 2015

Summary

The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object.

References

http://www.oracle.com/technetwork/security-advisory/cpuja...

x_refsource_CONFIRM

https://access.redhat.com/errata/RHSA-2017:2596

vendor-advisoryx_refsource_REDHAT

http://www.oracle.com/technetwork/security-advisory/cpuju...

x_refsource_CONFIRM

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 13, 2015
Vulnerability Reserved
Apr 10, 2015