Threat Post

Critical Java Bug Extends to Oracle, IBM Middleware

Researchers have built proof-of-concept exploits for an unpatched unserialize vulnerability in Apache Commons Collections, a library used in most Java rollouts. For close to 10 months, a critical ...
Ars Technica

Using an external library in Java (Apache Commons and Eclipse)

I'm trying to use one of the Apache Commons libraries (Math 3.3) in Java with Eclipse. (JDK 1.7 and Eclipse 3/JDT 3.7) And I can't get away from NoClassDefFoundError ...
InfoWorld

Apache Commons EqualsBuilder and HashCodeBuilder

I previously blogged on the Apache Commons ToStringBuilder and discussed how it takes away much of the tedium normally associated with implementing toString methods. While implementing toString() does ...
ZDNet

Java unserialize remote code execution hole hits Commons Collections, JBoss, WebSphere, WebLogic

Researchers from Foxglove Security have reportedly discovered a remote code execution hole in the widely used Apache Commons library, thanks to the insecure method in which Java unserializes objects, ...
Computing

Apache Commons Text vulnerability not as serious as Log4Shell, researchers say

The newly disclosed RCE bug stems from the insecure implementation of Commons Text's variable interpolation feature, but it is hard to exploit Over the last few days, security researchers have been ...
MyBroadband

Major Apache Commons Text vulnerability discovered

A dangerous vulnerability related to reckless string interpolation behaviour has been found in the Java source code library Apache Commons Text, Sophos reports. The flaw is tracked as CVE-2022-42889 ...