Lucene search

K
saintSAINT CorporationSAINT:364F42DDB229F6E8A0EF4BB04CE504D2
HistoryNov 20, 2015 - 12:00 a.m.

Oracle WebLogic Apache Commons library deserialization vulnerability

2015-11-2000:00:00
SAINT Corporation
my.saintcorporation.com
150

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.967 High

EPSS

Percentile

99.7%

Added: 11/20/2015
CVE: CVE-2015-4852
BID: 77539

Background

Oracle WebLogic Server (formerly BEA WebLogic Server) is a Java web application platform.

Apache Commons is a widely used Java library which is included in WebLogic Server.

Problem

A vulnerability in the Apache Commons library used by Oracle WebLogic allows remote attackers to execute arbitrary commands by sending a specially crafted serialized Java object within a T3 request.

Resolution

Apply the update referenced in the Oracle Security Alert.

References

<https://blogs.oracle.com/security/entry/security_alert_cve_2015_4852&gt;
<http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/&gt;

Limitations

Exploit works on Oracle WebLogic 12.2.1 for Linux.

Platforms

Linux

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.967 High

EPSS

Percentile

99.7%