CVE-2015-4852 — CRITICAL (9.8)

Q: How severe is CVE-2015-4852?

CVE-2015-4852 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2015-4852?

Check the references section above for vendor advisories and patch information. Affected products include: Oracle Virtual Desktop Infrastructure, Oracle Storagetek Tape Analytics Sw Tool, Oracle Weblogic Server.

Vulnerability Description

The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar. NOTE: the scope of this CVE is limited to the WebLogic Server product.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Oracle	Virtual Desktop Infrastructure	<= 3.5.2
Oracle	Storagetek Tape Analytics Sw Tool	2.3
Oracle	Weblogic Server	10.3.6.0.0

Related Weaknesses (CWE)

CWE-502

References

http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-Exploit
http://packetstormsecurity.com/files/152268/Oracle-Weblogic-Server-DeserializatiExploitThird Party AdvisoryVDB Entry
http://www.openwall.com/lists/oss-security/2015/11/17/19Mailing ListThird Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.htmlPatch
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlPatchVendor Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlPatchVendor Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlPatchVendor Advisory
http://www.oracle.com/technetwork/topics/security/alert-cve-2015-4852-2763333.htVendor Advisory
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.htmlPatchVendor Advisory
http://www.securityfocus.com/bid/77539Broken Link
http://www.securitytracker.com/id/1038292Broken Link
https://blogs.oracle.com/security/entry/security_alert_cve_2015_4852Broken Link
https://github.com/foxglovesec/JavaUnserializeExploits/blob/master/weblogic.pyProduct
https://www.exploit-db.com/exploits/42806/ExploitThird Party AdvisoryVDB Entry
https://www.exploit-db.com/exploits/46628/ExploitThird Party AdvisoryVDB Entry

FAQ

What is CVE-2015-4852?

CVE-2015-4852 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protoco...

How severe is CVE-2015-4852?

CVE-2015-4852 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2015-4852?

Check the references section above for vendor advisories and patch information. Affected products include: Oracle Virtual Desktop Infrastructure, Oracle Storagetek Tape Analytics Sw Tool, Oracle Weblogic Server.