[jira] [Created] (HAWQ-151) Investigate if Apache HAWQ is vulnerable to Java remote code execution vulnerability

C.J. Jameson (JIRA) Wed, 11 Nov 2015 17:39:43 -0800

C.J. Jameson created HAWQ-151:
---------------------------------

             Summary: Investigate if Apache HAWQ is vulnerable to Java remote 
code execution vulnerability
                 Key: HAWQ-151
                 URL: https://issues.apache.org/jira/browse/HAWQ-151
             Project: Apache HAWQ
          Issue Type: Task
          Components: External Tables
            Reporter: C.J. Jameson
            Assignee: Lei Chang



There is a remote code execution vulnerability in Apache Commons Collections. 
This vulnerability affects many Java applications and frameworks, so we should 
check if our code is also vulnerable.
Here's the article that started the current debate about this vulnerability, 
including links to the original conference talk: 
http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
Here's the ticket in Apache's JIRA: 
https://issues.apache.org/jira/browse/COLLECTIONS-580

Other projects' examples of reports and workarounds:
Jenkins has a temporary workaround and a security update is coming this 
Wednesday: 
https://jenkins-ci.org/content/mitigating-unauthenticated-remote-code-execution-0-day-jenkins-cli
and Spring already has a fix in version 4.2.3, to be officially released on 
11/16: https://jira.spring.io/browse/SPR-13656



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Created] (HAWQ-151) Investigate if Apache HAWQ is vulnerable to Java remote code execution vulnerability

Reply via email to