CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 0.967 High
Percentile: 99.5%
Added: 11/20/2015
CVE: CVE-2015-4852
BID: 77539
Oracle WebLogic Server (formerly BEA WebLogic Server) is a Java web application platform.
Apache Commons is a widely used Java library which is included in WebLogic Server.
A vulnerability in the Apache Commons library used by Oracle WebLogic allows remote attackers to execute arbitrary commands by sending a specially crafted serialized Java object within a T3 request.
Apply the update referenced in the Oracle Security Alert.
<https://blogs.oracle.com/security/entry/security_alert_cve_2015_4852>
<http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/>
Exploit works on Oracle WebLogic 12.2.1 for Linux.
Linux