Launchpad CVE tracker

CVE 2016-2170

Apache OFBiz 12.04.x before 12.04.06 and 13.07.x before 13.07.03 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

See the

CVE page on Mitre.org for more details.

References

MISC: http://packetstormsecu...
CONFIRM: http://ofbiz.apache.or...
CONFIRM: https://blogs.apache.o...
CONFIRM: https://blogs.apache.o...
CONFIRM: https://cwiki.apache.o...
CONFIRM: https://issues.apache....
SECTRACK: 1035513
BUGTRAQ: 20160408 CVE-2016-2170...
MLIST: [ofbiz-dev] 20210325 C...
MLIST: [ofbiz-dev] 20210325 R...
MLIST: [ofbiz-dev] 20210329 R...
MLIST: [ofbiz-notifications] ...
MLIST: [ofbiz-notifications] ...
MLIST: [ofbiz-notifications] ...
MLIST: [ofbiz-notifications] ...
MLIST: [ofbiz-notifications] ...

Launchpad.net

CVE 2016-2170

Related bugs

References