Remote Command Execution Vulnerability in Oracle WebLogic Server
CVE-2015-4852

9.8CRITICAL

Key Information:

Vendor: Oracle
Status: Virtual Desktop Infrastructure
Vendor: CVE Published:; 18 November 2015

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 92%🦅 CISA Reported

Summary

The vulnerability in Oracle WebLogic Server allows remote attackers to execute arbitrary commands by exploiting a flaw in the WLS Security component. Attackers can send crafted serialized Java objects through T3 protocol traffic on TCP port 7001, leading to unauthorized access and control over the server. This poses a significant risk, especially when attackers can leverage this weakness to manipulate the affected WebLogic Server installations.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply updates per vendor instructions.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2015-4852 - Proof of Concept

serialator
Created by roo7break