CVE-2015-4852

Oracle WebLogic Server Deserialization of Untrusted Data Vulnerability

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

Yes

*KEV

Decision

*SSVC

Descriptions

The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar. NOTE: the scope of this CVE is limited to the WebLogic Server product.

El componente WLS Security en Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0 y 12.2.1.0 permite a atacantes remotos ejecutar comandos arbitrarios a través de un objeto Java serializado manipulado en el tráfico del protocolo T3 al puerto 7001 TCP, relacionado con oracle_common/modules/com.bea.core.apache.commons.collections.jar. NOTA: el alcance de esta CVE se limita al producto WebLogic Server.

Oracle WebLogic Server contains a deserialization of untrusted data vulnerability within Apache Commons, which can allow for for remote code execution.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2015-06-24 CVE Reserved
2015-11-18 CVE Published
2016-07-20 First Exploit
2021-11-03 Exploited in Wild
2022-05-03 KEV Due Date
2024-08-06 CVE Updated
2024-10-25 EPSS Updated

CWE

CWE-502: Deserialization of Untrusted Data

CAPEC

References (18)

URL	Tag	Source
http://www.openwall.com/lists/oss-security/2015/11/17/19	Mailing List
http://www.securityfocus.com/bid/77539	Broken Link
http://www.securitytracker.com/id/1038292	Broken Link
https://blogs.oracle.com/security/entry/security_alert_cve_2015_4852	Broken Link
https://github.com/foxglovesec/JavaUnserializeExploits/blob/master/weblogic.py	Product
-

URL	Date	SRC
https://www.exploit-db.com/exploits/42806	2024-08-06
https://www.exploit-db.com/exploits/46628	2024-08-06
https://www.exploit-db.com/exploits/44552	2016-07-20
https://github.com/nex1less/CVE-2015-4852	2020-11-16
http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability	2024-08-06
http://packetstormsecurity.com/files/152268/Oracle-Weblogic-Server-Deserialization-Remote-Code-Execution.html	2024-08-06

URL	Date	SRC
http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html	2023-12-21
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html	2023-12-21
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html	2023-12-21
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html	2023-12-21
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html	2023-12-21

URL	Date	SRC
http://www.oracle.com/technetwork/topics/security/alert-cve-2015-4852-2763333.html	2023-12-21

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Oracle Search vendor "Oracle"		Virtual Desktop Infrastructure Search vendor "Oracle" for product "Virtual Desktop Infrastructure"				<= 3.5.2 Search vendor "Oracle" for product "Virtual Desktop Infrastructure" and version " <= 3.5.2"		-		Affected
Oracle Search vendor "Oracle"		Storagetek Tape Analytics Sw Tool Search vendor "Oracle" for product "Storagetek Tape Analytics Sw Tool"				2.3 Search vendor "Oracle" for product "Storagetek Tape Analytics Sw Tool" and version "2.3"		-		Affected
Oracle Search vendor "Oracle"		Weblogic Server Search vendor "Oracle" for product "Weblogic Server"				10.3.6.0.0 Search vendor "Oracle" for product "Weblogic Server" and version "10.3.6.0.0"		-		Affected
Oracle Search vendor "Oracle"		Weblogic Server Search vendor "Oracle" for product "Weblogic Server"				12.1.2.0.0 Search vendor "Oracle" for product "Weblogic Server" and version "12.1.2.0.0"		-		Affected
Oracle Search vendor "Oracle"		Weblogic Server Search vendor "Oracle" for product "Weblogic Server"				12.1.3.0.0 Search vendor "Oracle" for product "Weblogic Server" and version "12.1.3.0.0"		-		Affected
Oracle Search vendor "Oracle"		Weblogic Server Search vendor "Oracle" for product "Weblogic Server"				12.2.1.0.0 Search vendor "Oracle" for product "Weblogic Server" and version "12.2.1.0.0"		-		Affected