The version of Oracle WebLogic Server installed on the remote host is affected by multiple vulnerabilities:
The Sites subcomponent is affected by a security bypass vulnerability in the Apache Xalan-Java library due to a failure to properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled. A remote attacker can exploit this to bypass restrictions and load arbitrary classes or access external resources. (CVE-2014-0107)
The WLS Security component is affected by a remote code execution vulnerability due to unsafe deserialization calls on unauthenticated Java objects passed to the Apache Commons Collections (ACC) library. A remote attacker, via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, can exploit this to execute arbitrary commands. (CVE-2015-4852)
An unspecified vulnerability exists in the WLS-Console subcomponent that allows a remote attacker to affect the integrity of the system. No other details are available. (CVE-2016-0464)
An unspecified vulnerability exists in the Coherence Container subcomponent that allows a remote attacker to affect the confidentiality, integrity, and availability of the system. No other details are available. (CVE-2016-0572)
An unspecified vulnerability exists in the WLS Java Messaging Service subcomponent that allows a remote attacker to affect the confidentiality, integrity, and availability of the system. No other details are available. (CVE-2016-0573)
Multiple unspecified vulnerabilities exist in the WLS Core Components subcomponent that allow a remote attacker to affect the confidentiality, integrity, and availability of the system. No other details are available. (CVE-2016-0574, CVE-2016-0577)
Binary data oracle_weblogic_server_cpu_jan_2016.nbin
Vendor | Product | Version | CPE |
---|---|---|---|
oracle | fusion_middleware | | cpe:/a:oracle:fusion_middleware |
oracle | weblogic_server | | cpe:/a:oracle:weblogic_server |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0107
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4852
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0464
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0572
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0573
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0574
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0577
www.nessus.org/u?9c6d83db
www.nessus.org/u?d13bbe45
www.nessus.org/u?e0203be3