CVE-2015-4852: Oracle WebLogic Server Deserialization of Untrusted Data Vulnerability
First published: Wed Nov 18 2015(Updated: )
Oracle WebLogic Server contains a deserialization of untrusted data vulnerability within Apache Commons, which can allow for for remote code execution.
Credit: secalert_us@oracle.com secalert_us@oracle.com secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ubuntu/libcommons-collections3-java | <3.2.1-6ubuntu0.1~ | 3.2.1-6ubuntu0.1~ |
| ubuntu/libcommons-collections3-java | <3.2.2 | 3.2.2 |
| ubuntu/libcommons-collections4-java | <4.1 | 4.1 |
| Oracle virtual desktop infrastructure | <=3.5.2 | |
| Oracle WebLogic Server | =10.3.6.0.0 | |
| Oracle WebLogic Server | =12.1.2.0.0 | |
| Oracle WebLogic Server | =12.1.3.0.0 | |
| Oracle WebLogic Server | =12.2.1.0.0 | |
| Oracle WebLogic Server | ||
| Oracle Virtual Desktop Infrastructure | <=3.5.2 | |
| Oracle Storagetek Tape Analytics | =2.3 | |
| <=3.5.2 | ||
| =2.3 | ||
| =10.3.6.0.0 | ||
| =12.1.2.0.0 | ||
| =12.1.3.0.0 | ||
| =12.2.1.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
- http://packetstormsecurity.com/files/152268/Oracle-Weblogic-Server-Deserialization-Remote-Code-Execution.html
- http://www.openwall.com/lists/oss-security/2015/11/17/19
- http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/topics/security/alert-cve-2015-4852-2763333.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.securityfocus.com/bid/77539
- http://www.securitytracker.com/id/1038292
- https://blogs.oracle.com/security/entry/security_alert_cve_2015_4852
- https://github.com/foxglovesec/JavaUnserializeExploits/blob/master/weblogic.py
- https://www.exploit-db.com/exploits/42806/
- https://www.exploit-db.com/exploits/46628/
- https://issues.apache.org/jira/browse/COLLECTIONS-580
- http://www.openwall.com/lists/oss-security/2015/11/09/1
- http://www.infoq.com/news/2015/11/commons-exploit
- https://blogs.apache.org/foundation/entry/apache_commons_statement_to_widespread
- https://www.kb.cert.org/vuls/id/576313
- https://access.redhat.com/solutions/2045023
- https://www.cve.org/CVERecord?id=CVE-2015-4852
- https://ubuntu.com/security/notices/USN-6936-1
- https://nvd.nist.gov/vuln/detail/CVE-2015-4852
- https://launchpad.net/bugs/cve/CVE-2015-4852
- https://security-tracker.debian.org/tracker/CVE-2015-4852
- http://svn.apache.org/viewvc?view=revision&revision=1713307
- http://svn.apache.org/viewvc?view=revision&revision=1713537
- https://git-wip-us.apache.org/repos/asf?p=commons-collections.git;a=commit;h=b2b8f4adc557e4ef1ee2fe5e0ab46866c06ec55b
- https://ubuntu.com/security/CVE-2015-4852
Frequently Asked Questions
What is the severity of CVE-2015-4852?
The severity of CVE-2015-4852 is considered critical due to its potential for remote code execution.
How do I fix CVE-2015-4852?
To fix CVE-2015-4852, you should upgrade to patched versions of Oracle WebLogic Server or the affected libraries if applicable.
Which versions are affected by CVE-2015-4852?
CVE-2015-4852 affects Oracle WebLogic Server versions 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0.
Can CVE-2015-4852 be exploited remotely?
Yes, CVE-2015-4852 can be exploited remotely by attackers to execute arbitrary code.
What components are involved in CVE-2015-4852?
CVE-2015-4852 involves the WLS Security component in Oracle WebLogic Server and the Apache Commons library.
- agent/type
- agent/title
- agent/severity
- agent/weakness
- collector/usn-cve
- source/Ubuntu
- agent/software-canonical-lookup
- agent/references
- agent/remedy
- agent/description
- agent/first-publish-date
- collector/security-tracker-debian
- source/Debian
- collector/launchpad-cve
- source/Launchpad
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/trending
- agent/source
- agent/last-modified-date
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/softwarecombine
- agent/event
- collector/nvd-cve
- source/NVD
- collector/nvd-api
- package-manager/ubuntu
- vendor/oracle
- canonical/oracle virtual desktop infrastructure
- version/oracle virtual desktop infrastructure/3.5.2
- canonical/oracle weblogic server
- version/oracle weblogic server/10.3.6.0.0
- version/oracle weblogic server/12.1.2.0.0
- version/oracle weblogic server/12.1.3.0.0
- version/oracle weblogic server/12.2.1.0.0
- canonical/oracle storagetek tape analytics
- version/oracle storagetek tape analytics/2.3