SAINT Corporation: SAINT:B8E045060F9ACF0F8D488745DBF66B54
History: Nov 20, 2015 - 12:00 a.m.

Oracle WebLogic Apache Commons library deserialization vulnerability

2015-11-20 00:00:00
SAINT Corporation
www.saintcorporation.com
93

EPSS: 0.967 (High)
EPSS Percentile: 99.5%

Added: 11/20/2015
CVE: CVE-2015-4852
BID: 77539

Background

Oracle WebLogic Server (formerly BEA WebLogic Server) is a Java web application platform.

Apache Commons is a widely used Java library which is included in WebLogic Server.

Problem

A vulnerability in the Apache Commons library used by Oracle WebLogic allows remote attackers to execute arbitrary commands by sending a specially crafted serialized Java object within a T3 request.

Resolution

Apply the update referenced in the Oracle Security Alert.

References

<https://blogs.oracle.com/security/entry/security_alert_cve_2015_4852>
<http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/>

Limitations

Exploit works on Oracle WebLogic 12.2.1 for Linux.

Platforms

Linux