9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.967 High
EPSS
Percentile
99.5%
Name | weblogic_t3_deserialization |
---|---|
CVE | CVE-2015-4852 Exploit Pack |
VENDOR: Oracle | |
NOTES: | |
IMPORTANT NOTE: Any instance of this application running Apache Commons Collections version prior to 3.0 WILL NOT WORK. |
Weblogicโs AdminServer servlet allows remote administration (often unauthenticated) via the
proprietary T3 protocol. This protocol is similar to RMI in the sense that it depends on the exchange
of serialized Java objects that are then re-serialized. Apache Commons pre-3.2.2 allows users to
serialize transformers on collection values. Of importance to us is the InvokerTransfomer, which
is capable of invoking Java methods. We are able to run these transformers by adding them to an
annotation map whose members are acccessed. The right chain of method invocations leads to arbitrary
code execution.
Version support:
Installer did not support the JVM version unless marked otherwise.
> Ubuntu Linux 14.04.3 - x86
- 10.3.6 on Java SE 6
- 10.3.6 on JRockit 1.6 - NOT SUPPORTED
- 12.2.1 on Java SE 8 ()
- 12.1.2 on Java SE 7 / 8
- 12.1.3 on Java SE 7 / 8
> Windows 7 Ultimate SP 1 x86
- 12.1.3 on Java SE 8 - FAILED
- 12.1.3 on Java SE 7
- 12.1.2 on Java SE 7
- 12.2.1 on Java SE 8 - FAILED
- 12.2.1 on Java SE 6 - Installer does not support Java version
- 12.2.1 on Java SE 7 - Installer does not support Java version
- 10.3.6 on Java SE 6
- 10.3.6 on JRockit 1.6 - NOT SUPPORTED
Repeatability: One Shot
References: [โhttp://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/โ, โhttps://blogs.apache.org/foundation/entry/apache_commons_statement_to_widespreadโ, โhttp://www.oracle.com/technetwork/topcis/security/alert-cve-2015-4852-2763333.htmlโ, โhttps://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7501โ]
CVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4852
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.967 High
EPSS
Percentile
99.5%