CVE-2015-7501

CRITICAL EXPLOITED

Red Hat Data Grid - Remote Code Execution via Deserialization of Untrusted Data

Title source: manual

Exploitation Summary

CVE-2015-7501 has been observed exploited in the wild (reported by VulnCheck KEV, ENISA EUVD). EIP tracks 2 public exploits from researchers including ianxtianxt.

AI-analyzed exploit summary This repository contains functional exploit code for CVE-2015-7501, demonstrating deserialization vulnerabilities using Apache Commons Collections gadgets and Java's AnnotationInvocationHandler. The PoC includes multiple examples of payload generation for RCE via deserialization.

Description

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

Exploits (2)

nomisec WORKING POC 21 stars

by ianxtianxt · poc

https://github.com/ianxtianxt/CVE-2015-7501

View Code ZIP pw:eip

This repository contains functional exploit code for CVE-2015-7501, demonstrating deserialization vulnerabilities using Apache Commons Collections gadgets and Java's AnnotationInvocationHandler. The PoC includes multiple examples of payload generation for RCE via deserialization.

Classification

Working Poc 95%

Attack Type

Deserialization

Complexity

Moderate

Reliability

Reliable

Target: Apache Commons Collections <= 3.2.1

No auth needed

Prerequisites: Apache Commons Collections <= 3.2.1 in classpath · Java Runtime Environment < 8u72

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

vulncheck_xdb WRITEUP

remote

https://github.com/jas502n/Jboss_JMXInvokerServlet_Deserialization_RCE

View Code ZIP pw:eip

This repository provides a detailed technical walkthrough of exploiting CVE-2015-7501, a Java deserialization vulnerability in JBoss JMXInvokerServlet. It includes steps for setting up a vulnerable environment, using Burp Suite to test for deserialization vulnerabilities, and executing arbitrary commands via Apache Commons Collections gadgets.

Classification

Writeup 90%

Attack Type

Deserialization

Complexity

Moderate

Reliability

Reliable

Target: JBoss JMXInvokerServlet

No auth needed

Prerequisites: Docker · Burp Suite · Vulnerable JBoss instance

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 25, 2026 Full analysis →

References (28)

Core 28

Core References

Vendor Advisory vendor-advisory

http://rhn.redhat.com/errata/RHSA-2016-0040.html

Vendor Advisory vendor-advisory

http://rhn.redhat.com/errata/RHSA-2015-2670.html

Vendor Advisory vendor-advisory

http://rhn.redhat.com/errata/RHSA-2015-2501.html

Vendor Advisory vendor-advisory

http://rhn.redhat.com/errata/RHSA-2015-2517.html

Third Party Advisory, VDB Entry vdb-entry

http://www.securityfocus.com/bid/78215

Third Party Advisory, VDB Entry vdb-entry

http://www.securitytracker.com/id/1034097

Vendor Advisory vendor-advisory

http://rhn.redhat.com/errata/RHSA-2015-2671.html

Third Party Advisory, VDB Entry vdb-entry

http://www.securitytracker.com/id/1037052

Third Party Advisory, VDB Entry vdb-entry

http://www.securitytracker.com/id/1037640

Vendor Advisory vendor-advisory

http://rhn.redhat.com/errata/RHSA-2015-2522.html

Vendor Advisory vendor-advisory

http://rhn.redhat.com/errata/RHSA-2015-2521.html

Vendor Advisory vendor-advisory

http://rhn.redhat.com/errata/RHSA-2015-2516.html

Vendor Advisory vendor-advisory

http://rhn.redhat.com/errata/RHSA-2015-2500.html

Vendor Advisory vendor-advisory

http://rhn.redhat.com/errata/RHSA-2015-2514.html

Vendor Advisory vendor-advisory

http://rhn.redhat.com/errata/RHSA-2015-2502.html

Vendor Advisory vendor-advisory

https://rhn.redhat.com/errata/RHSA-2015-2536.html

Vendor Advisory vendor-advisory

http://rhn.redhat.com/errata/RHSA-2016-1773.html

Vendor Advisory vendor-advisory

http://rhn.redhat.com/errata/RHSA-2015-2524.html

Third Party Advisory, VDB Entry vdb-entry

http://www.securitytracker.com/id/1037053

Vendor Advisory

https://access.redhat.com/security/vulnerabilities/2059393

Vendor Advisory

https://access.redhat.com/solutions/2045023

Issue Tracking, Third Party Advisory, VDB Entry, Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1279330

Vendor Advisory

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

Vendor Advisory

https://security.netapp.com/advisory/ntap-20240216-0010/

Vendor Advisory

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

Vendor Advisory

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Vendor Advisory

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

Vendor Advisory

https://www.oracle.com/security-alerts/cpujul2020.html

Scores

CVSS v3 9.8

EPSS 0.7146

EPSS Percentile 98.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2016-01-28

ENISA EUVD EUVD-2022-3799

CWE

CWE-502

Status published

Products (24)

commons-collections/commons-collections 0 - 3.2.2Maven

net.sourceforge.collections/collections-generic Maven

org.apache.commons/commons-collections4 0 - 4.1Maven

org.apache.servicemix.bundles/org.apache.servicemix.bundles.collections-generic 4.01Maven

org.apache.servicemix.bundles/org.apache.servicemix.bundles.commons-collections 3.2.1Maven

redhat/data_grid 6.0.0

redhat/jboss_a-mq 6.0.0

redhat/jboss_bpm_suite 6.0.0

redhat/jboss_data_virtualization 5.0.0

redhat/jboss_data_virtualization 6.0.0

... and 14 more

Published Nov 09, 2017

Tracked Since Feb 18, 2026