Major bug goes unnoticed in one of Java's most popular libraries, despite getting a CVSS vulnerability score of 10
Back in late January, two security researchers (Gabriel Lawrence and Chris Frohoff) uncovered an RCE (Remote Code Execution) vulnerability in one of the most used Java libraries around, the Apache Commons Collections.
Because the vulnerability is quite hard to understand, despite the researchers' best efforts, the issue went unnoticed for almost the entire year.
A recent talk given by Matthias Kaiser on the same topic (video below) has brought the issue back to light and spurred Steve Breen from Foxglove Security to investigate it even further in a blog post that contains all the details you'll need to successfully exploit it in various scenarios.