Home

CVE-2015-3253

Description

The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object.

Risk Information

Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
66.025

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2015-3253 are fixed in Groovy-groovy 2.4.4Windows
Vulnerabilities CVE-2015-3253 are fixed in Groovy-groovy-all 2.4.4Windows
Vulnerabilities CVE-2015-3253,CVE-2017-3296 are affected in Oracle Commerce Platform 10.0.3.5Windows
Vulnerabilities CVE-2015-3253,CVE-2017-3296 are affected in Oracle Commerce Platform 10.2.0.5Windows
Vulnerabilities CVE-2015-3253 are affected in Oracle Commerce Platform 11.2.0.1Windows
(RHSA-2017:2486) Important: groovy security update groovy-1.8.9-8.el7_4.noarch.rpmLinux
(RHSA-2017:2486) Important: groovy security update groovy-javadoc-1.8.9-8.el7_4.noarch.rpmLinux
(CESA-2017:2486) Important: groovy security update groovy-1.8.9-8.el7_4.noarch.rpmLinux
(CESA-2017:2486) Important: groovy security update groovy-javadoc-1.8.9-8.el7_4.noarch.rpmLinux
Vulnerabilities CVE-2015-3253 are fixed in Groovy-groovy for Linux 2.4.4Linux
Vulnerabilities CVE-2015-3253 are fixed in Groovy-groovy-all for Linux 2.4.4Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234