Added: 11/20/2015
CVE: CVE-2015-4852
BID: 77539
Oracle WebLogic Server (formerly BEA WebLogic Server) is a Java web application platform.
Apache Commons is a widely used Java library which is included in WebLogic Server.
A vulnerability in the Apache Commons library used by Oracle WebLogic allows remote attackers to execute arbitrary commands by sending a specially crafted serialized Java object within a T3 request.
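For detection alongside patching, the sketch below scans a captured request body for the Java serialization stream header, lists the class names declared after it, and flags any in a denylisted package. It is an added example, not part of the original advisory or any vendor tool. The denylist prefix, the function names and the sample bytes are assumptions constructed for illustration.

```python
import re
import struct

STREAM_MAGIC = b"\xac\xed\x00\x05"  # Java serialization stream magic + version
TC_CLASSDESC = 0x72                 # marks a new class descriptor in the stream
# Assumption: denylist chosen for this example (Commons Collections functors).
SUSPECT_PREFIXES = ("org.apache.commons.collections.functors.",)
CLASS_NAME = re.compile(rb"[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)+")


def class_names(payload: bytes) -> list:
    """Heuristically list class names declared after each stream header."""
    names = []
    start = payload.find(STREAM_MAGIC)
    while start != -1:
        end = payload.find(STREAM_MAGIC, start + 4)
        body = payload[start + 4:end if end != -1 else len(payload)]
        i = 0
        while i + 3 <= len(body):
            if body[i] == TC_CLASSDESC:
                (n,) = struct.unpack(">H", body[i + 1:i + 3])
                name = body[i + 3:i + 3 + n]
                # A descriptor is: name length, name, 8-byte serialVersionUID.
                if len(body) >= i + 3 + n + 8 and CLASS_NAME.fullmatch(name):
                    names.append(name.decode("ascii"))
                    i += 3 + n + 8
                    continue
            i += 1
        start = end
    return names


def inspect(payload: bytes) -> dict:
    names = class_names(payload)
    flagged = [n for n in names if n.startswith(SUSPECT_PREFIXES)]
    return {"serialized": STREAM_MAGIC in payload, "classes": names, "flagged": flagged}


def _classdesc(name: str) -> bytes:
    # Constructed record: TC_OBJECT, TC_CLASSDESC, name, zero UID, flags, no fields.
    raw = name.encode("ascii")
    return b"\x73\x72" + struct.pack(">H", len(raw)) + raw + b"\x00" * 8 + b"\x02\x00\x00\x78\x70"


# Constructed samples: opaque non-Java prefix standing in for the request framing.
PREFIX = b"constructed-request-framing\x00\x01"
BENIGN = PREFIX + STREAM_MAGIC + _classdesc("java.util.Date")
SUSPECT = (PREFIX + STREAM_MAGIC + _classdesc("java.util.HashSet") + STREAM_MAGIC
           + _classdesc("org.apache.commons.collections.functors.InvokerTransformer"))
```

The scan is a byte-level heuristic rather than a full stream parser, so treat a hit as a lead for triage; array class names and back-referenced descriptors are not reported.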
Apply the update referenced in the Oracle Security Alert.
<https://blogs.oracle.com/security/entry/security_alert_cve_2015_4852>
<http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/>
Exploit works on Oracle WebLogic 12.2.1 for Linux.
Linux